A problem in the design of asynchronous sequential machines is the
presence  of  races.  Races  arise  due  to  the  unequal  propagation  delays  of 
different  gates  or  delays  in  the  signal  paths  of  combinational  logic  used  in 
the  asynchronous  machine. 

Methods of race-free design are available, but techniques for
eliminating the adverse effects of races after implementation have not been
investigated. When races occur in a machine, the accepted course of action
is to build a new machine based on a race-free design. We propose to take a
different, and possibly more economical route. We propose to develop
techniques for the design of external controllers that control the
race-afflicted machine so as to eliminate the adverse effects of the races.

The controller is another asynchronous sequential machine
connected as a feedback controller with the race-afflicted machine. The
combined closed loop system is operated in fundamental mode so as to
ensure no new races arise due to the addition of the controller.

The  main  advantage  of  this  approach  is  that  it  circumvents  the  need 
to  replace  the  entire  machine.  The  construction  of  a  controller  is  in  many 
cases  more  practical  and  more  economical. 
CHAPTER 1
INTRODUCTION 


In  some  applications,  including  computer  software  or  hardware 
engineering,  one  may  encounter  asynchronous  sequential  machines  that 
exhibit  undesirable  behavior.  One  important  example  of  such  undesirable 
behavior  is  the  appearance  of  a  critical  race.  A  critical  race  is  a  flaw  in  the 
operation  of  an  asynchronous  sequential  machine,  which  causes  the 
machine  to  exhibit  unpredictable  behavior.  Critical  races  can  occur  as  a 
result  of  malfunctions,  design  flaws,  or  implementation  flaws.  When  a 
critical  race  occurs,  the  accepted  course  of  action  in  the  classical  practice  of 
computer  engineering  is  to  build  a  new  machine,  based  on  a  race  free 
design.  In  the  present  work  we  propose  to  take  a  different,  and  possibly 
more  economical,  route.  We  propose  to  develop  techniques  for  the  design  of 
external  controllers  that  control  the  race-afflicted  machine  so  as  to  render 
its  response  predictable,  and  eliminate  the  adverse  effects  of  the  race. 

The  main  advantage  of  this  approach  is  that  it  circumvents  the  need 
to  replace  the  entire  faulty  machine.  Instead,  one  only  needs  to  build  a 
controller  that  drives  the  faulty  machine  so  as  to  eliminate  the  effects  of  the 
race.  The  construction  of  the  controller  is  in  many  cases  more  economical 
than  the  replacement  of  the  faulty  machine;  moreover,  in  some  cases  (e.g., 
for  systems  that  operate  in  remote  or  inaccessible  locations),  the 
replacement of the faulty machine may not be a practical option.


To be somewhat more precise, consider an asynchronous sequential
machine Σ that exhibits undesirable behavior. Following the general
practice of Control Engineering, we shall attempt to correct the behavior of
the machine Σ by connecting it to another sequential machine C that
serves as a controller, as depicted below.

Figure 1.1. A controller C in a feedback connection with a machine Σ.


The purpose of the controller C is to drive the machine Σ so as to correct
its behavior. In particular, C must eliminate the effects of races in Σ, and
guarantee that the input/output response of the closed loop system is
predictable. The controller C is sometimes called a corrective controller.
We denote by Σ_c the input/output machine described by the closed loop
system.

The main objective of the present work is to determine necessary and
sufficient conditions for the existence of a controller C that counteracts the
effects of critical races in a machine Σ. Whenever such a controller exists,
we also provide techniques for its design.

An important question in this context is the question of when such a
corrective controller can be found. In intuitive terms, the necessary and
sufficient condition for the existence of a corrective controller is quite
simple. First note that the objective of the corrective controller is to force the
faulty machine to perform a prescribed set of desirable state transitions (in
a deterministic fashion). Let us consider, for simplicity, just one such
desirable transition, say from state A to state B. Then, roughly speaking,
a necessary and sufficient condition for the existence of a corrective
controller is that, for every possible outcome of the critical race, there must
be a succession of inputs that takes the faulty machine from state A to
state B.

The  controller  functions  as  follows.  Using  its  feedback  arm,  the 
controller  detects  the  state  that  the  faulty  machine  has  reached  as  a  result 
of  the  race.  It  then  uses  that  information  to  create  an  input  value  that  starts 
the  machine  along  the  path  to  the  desired  state  B.  At  each  state  of  the  faulty 
machine  along  the  way  from  A  to  B,  the  controller  senses  the  state,  and 
applies  an  input  value  that  drives  the  machine  one  step  "closer"  to  B.  The 
overall  effect  of  this  process  is  to  transform  all  states  of  the  faulty  machine 
along  the  path  from  A  to  B  into  unstable  states,  in  such  a  way  as  to  create, 
in  effect,  a  direct  transition  from  state  A  to  state  B.  A  slight  further 
reflection  along  these  lines  also  indicates  that,  in  some  cases,  the  order  of 
the  corrective  controller  will  be  substantially  smaller  than  the  order  of  the 
faulty  system. 

Consider a sequential machine Σ that has a critical race with q
possible outcomes. In order to model the effects of the race, we represent Σ
by a family M = {Σ_1, ..., Σ_q} of q sequential machine models, where each
one of the models Σ_1, ..., Σ_q represents the behavior of the machine Σ for
one possible outcome of the race. The controller C must control Σ so that
the closed loop system Σ_c has the same response, irrespective of which one
of the models Σ_1, ..., Σ_q is inserted into the loop for Σ. In this way, the
closed loop system response is the same for all possible outcomes of the
race, and hence the behavior of the closed loop system is predictable. In
addition to making the closed loop system predictable, we shall also use the
controller C to assign other desirable characteristics to the closed loop
system response.
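
The intuitive existence condition and the state-feedback action described above can be checked mechanically. The following Python sketch is an added example, not code from this work: the stable transition table S, the state and input names, and the helper names are constructed for illustration, and the race pair is assumed to be left out of S so that the plan never relies on it.

```python
from collections import deque

# Constructed stable transition table s(x, u) of a faulty machine.
# The critical race sits at the pair (A, 'b'); that pair is deliberately
# absent from S because its outcome is not deterministic.
S = {
    ("A", "a"): "A",
    ("B", "a"): "B", ("B", "b"): "B",
    ("C", "b"): "C", ("C", "c"): "E",
    ("D", "b"): "D", ("D", "a"): "B", ("D", "c"): "E",
    ("E", "c"): "E", ("E", "b"): "B",
}
RACE_OUTCOMES = {"C", "D"}  # possible next stable states of (A, 'b')


def feedback_law(s, target):
    """Backward breadth-first search from the target state.

    Returns (law, dist): law[x] is the input the controller applies when
    it senses state x, and dist[x] is the number of input changes still
    needed to reach the target. States missing from dist cannot reach it.
    """
    preds = {}
    for (x, u), nxt in s.items():
        if nxt != x:                      # stable combinations move nowhere
            preds.setdefault(nxt, []).append((x, u))
    law, dist = {}, {target: 0}
    queue = deque([target])
    while queue:
        y = queue.popleft()
        for x, u in sorted(preds.get(y, [])):
            if x not in dist:
                dist[x] = dist[y] + 1
                law[x] = u                # one step "closer" to the target
                queue.append(x)
    return law, dist


def corrective_plan(s, outcomes, target):
    """Check the existence condition for one desired transition.

    Returns (plans, stuck). If every race outcome can be driven to the
    target, plans maps each outcome to the list of stable states the
    controller steers it through and stuck is empty; otherwise plans is
    None and stuck lists the outcomes with no input sequence to the target.
    """
    law, dist = feedback_law(s, target)
    stuck = sorted(r for r in outcomes if r not in dist)
    if stuck:
        return None, stuck
    plans = {}
    for r in sorted(outcomes):
        path, x = [r], r
        while x != target:                # dist strictly decreases each step
            x = s[(x, law[x])]
            path.append(x)
        plans[r] = path
    return plans, []


if __name__ == "__main__":
    plans, stuck = corrective_plan(S, RACE_OUTCOMES, "B")
    print("plans:", plans, "stuck:", stuck)
```

In the closed loop, the states before B on each returned path are passed through without lingering, so the user sees a direct transition from A to B whichever way the race resolves.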

In  this  context,  it  is  important  to  emphasize  the  distinction  between  a 
stable  state  and  an  unstable  state  of  an  asynchronous  sequential  machine. 
In  simple  terms,  a  stable  state  is  a  state  at  which  the  machine  may  linger 
(if an appropriate input is provided); an unstable state is a state in which
the machine can never linger, but which it can only pass through in transit.
In its path from one stable state to another, an asynchronous sequential
machine may pass in rapid succession among several unstable states.
Unstable states are inconspicuous to the user of the machine. The earlier
statement regarding the fact that the closed loop system Σ_c has the same
response for all members of the family M of models refers only to stable
states. In fact, in
crude  terms,  the  controller   C   functions  by  transforming  into  unstable 
states  the  states  at  which  the  members  of  the  family  M  differ  from  each 
other,  and  creating  a  set  of  stable  states  for  the  closed  loop  system  that 
equalizes  the  response  for  all  members  of  M. 

In  its  treatment  of  families  of  sequential  machines,  the  present  work 
continues  along  the  path  charted  by  Hammer  [14-18].  The  main  highlight  of 
the  present  discussion  is,  of  course,  the  treatment  of  critical  races.  This 
work  develops  controller  design  techniques,  paying  particular  attention  to 
the requirement that no new races be created when the controller C and
the machine Σ are combined within the closed loop configuration. In more
technical terms, the controller C is designed so that the controller and the
system Σ always operate in fundamental mode.

This work is organized as follows. Terminology and some general
background material are covered in Chapter 2. The existence of corrective
controllers and their structure are discussed in detail in Chapters 3 and 5
of this work. Chapter 4 is devoted to the introduction of the notion of
reachability for sequential machines. The "matrix of transitions," a matrix
of inputs, and the "skeleton matrix," a numerical matrix, both of which
play an essential role in determining the existence and the structure of
corrective controllers, are also introduced in Chapter 4. Two comprehensive
examples  of  the  construction  of  corrective  controllers  are  provided  in 
Chapter  6.  Future  lines  of  research  and  some  other  results  are  discussed  in 
Chapter  7.  The  presentation  is  for  the  case  of  a  machine  that  is  subject  to  a 
single  critical  race,  but  similar  techniques  can  be  used  to  treat  machines 
with  multiple  races  as  well. 

As  discussed,  the  present  work  is  concerned  with  the  use  of  control 
techniques  toward  the  abatement  of  the  effects  of  critical  races  in  existing 
systems.  Such  races  may  arise  despite  the  availability  of  well  established 
techniques  for  the  design  of  race  free  asynchronous  machines  (e.g.,  Liu 
[27],  Tracey  [42],  Kohavi  [24],  Maki  and  Tracey  [29]),  due  to  malfunctions  of 
components,  design  flaws,  or  implementation  flaws. 

Various  aspects  of  automata  have  been  investigated  by  many  people. 
Some  of  the  early  work  on  automata  theory  can  be  attributed  to  Turing  [43]. 
Huffman  [21][22]  investigated  various  aspects  of  the  synthesis  of 
asynchronous  relay  circuits.  Huffman  also  looked  at  race  conditions  and 
how  to  synthesize  race-free  circuits  using  state  assignments.  State 
assignment  methods  focus  on  the  encoding  of  the  state  variables  to  avoid 
races.  Huffman  uses  a  method  for  assigning  state  variables  so  the  resultant 
circuit  is  totally  sequential.  The  state  variables  of  adjacent  states,  the  ones 
with  direct  state  transitions,  differ  from  each  other  by  at  most  one  variable. 
Unger [44] showed the existence of inherent hazards within fundamental
mode circuits and showed how to eliminate such hazards by inserting
delays.

Other  work  on  the  synthesis  of  asynchronous  machines  was  done  by 
Mealy [33] and Moore [34]. They investigated state and circuit equivalence
and provided methods for synthesizing asynchronous and synchronous
sequential machines. Their models of sequential machines are two of the
most  commonly  used  today. 

Single  transition  time  state  variable  assignments,  a  method  of  race- 
free  state  assignment,  was  introduced  in  work  done  by  Liu  [27].  All  internal 
transitions  of  a  machine  go  directly  from  unstable  states  to  terminal  stable 
states.  No  sequencing  through  unstable  states  is  permitted.  The  procedure 
uses  assignments  which  correspond  to  an  equidistant  error  correcting 
code.  This  is  similar  to  mapping  the  rows  of  a  flow  table  into  the  vertices  of 
a unit n-dimensional cube, where the distance between every pair of
vertices in the set is the same. The assignment is not guaranteed minimal,
but  works  well  with  incompletely  specified  flow  tables. 

Tracey  [42]  extended  Liu's  work  to  assignment  methods  which 
maximize  the  operating  speed  of  the  circuit.  The  work  done  by  Maki  and 
Tracey  [29]  presents  a  shared  row  state  assignment  method.  This  method 
allows  the  sequencing  through  several  unstable  internal  states  before 
becoming  stable  after  an  input  change.  This  method  generally  requires 
fewer  state  variables  than  single  transition  time  assignments. 

Other work regarding race-free synthesis using state assignment
methods, and hazard-free synthesis can be found in McCluskey [31],
Hazeltine [19], Armstrong, Friedman, and Menon [2], Hlavicka [20], Mago
[30], Datta, Bandyopadhyay, and Choudhury [9], Chiang and
Radhakrishnan [7], Piguet [38], Lavagno, Keutzer, and
Sangiovanni-Vincentelli [25], Oikonomou [35], Fisher and Wu [13], and Chu,
Mani, and Leung [8].

Yoeli  and  Rinon  [47]  and  Eichelberger  [10]  proposed  using  three  state 
logic  models  to  analyze  races  in  asynchronous  circuits.  Ternary,  or  three 
state  logic,  is  helpful  in  analyzing  certain  aspects  of  races  in  machines. 
Ternary  algebra  provides  an  efficient  method  for  the  detection  and  analysis 
of  hazards  and  races  in  sequential  circuits.  Ternary  models  were  further 
worked  on  by  Brzozowski  and  Yoeli  [6]  and  Brzozowski  and  Seger  [4][5]. 

Another  method  of  avoiding  races  in  asynchronous  sequential 
machines  involves  creating  a  synchronization  signal  or  clock  pulse  from 
the  other  signals  in  the  machine.  Two  of  these  methods  are  given  in 
Bredeson  and  Hulina  [3]  and  Whitaker  and  Maki  [45]. 

Other  applications  of  control  theory  to  the  design  of  automata  and 
asynchronous  machines  can  be  found  in  the  literature  on  discrete  event 
systems  (e.g.,  Ramadge  and  Wonham  [39-41],  Wonham  and  Ramadge  [46], 
Ozveren  and  Willsky  [36],  Lin  and  Wonham  [26],  Ozveren,  Willsky,  and 
Antsaklis  [37],  the  references  listed  in  these  papers,  and  many  others). 


CHAPTER  2 
TERMINOLOGY  AND  BACKGROUND 


2.1  Functions  and  Morphisms 

For two given sets X and Y, a function f with domain X and
codomain (or range) Y assigns to each element x ∈ X of the domain an
element f(x) ∈ Y of the codomain. We write this f : X → Y. The image of
f : X → Y, Im f, is the set of all values f(x), for x ∈ X. It is always a subset
of the codomain. Next, we look at the effect of a function f : X → Y on
subsets of X. The image under f of U ⊂ X is defined to be the subset
f(U) = {y | y ∈ Y and y = f(u) for some u ∈ U}. A function f : X → Y is said
to be surjective when its image is its codomain.

Two functions f and g are equal, f = g, if they have the same
domain, the same codomain, and the same value f(x) = g(x) for each
element x of their common domain.

For any set X, the identity function 1_X : X → X is that function
which maps each element x ∈ X onto itself. If X is a subset of U, the
insertion i : X → U is that function which assigns to each element of X the
same element now in U.

The  composition  of  two  functions  f  and  g,  written  fg,  is  the  function 
obtained  by  applying  the  functions  in  succession,  first  g  then  f,  provided 
the  domain  of  f  is  the  codomain  of  g. 


A function r : X → Y is a restriction of a function f : U → V when
X ⊂ U, Y ⊂ V, and r(x) = f(x) for each x ∈ X. If r is a restriction of f then f
is an extension of r.

A function f : X → Y is injective when f carries distinct elements of
its domain to distinct elements of its codomain. A function g : X → Y is
surjective when its image is the whole codomain Y. A function h : X → Y
is bijective if it is both injective and surjective. In brief terms: Injective
X → Y is a one to one map of X into Y, Surjective X → Y is a map of X onto
Y, Bijective X → Y is a one to one map of X onto Y.

A function X×X → X is called a binary operation on X. Let * be a
binary operation on a set X, and *' another such operation on a set X'. A
morphism f : (X,*) → (X',*') is defined to be a function on X to X' which
preserves the operation * on X, i.e. f(x * y) = f(x) *' f(y) for all x, y ∈ X. The
identity map of a set X is a morphism for any binary operation * on X. If
f and g are two morphisms, so is the composition fg. A morphism f is
said to be a monomorphism if the function f is injective, an epimorphism if
the function f is surjective, and an isomorphism if the function f is
bijective.

Two sets, X and X', each with a binary operation, * and *'
respectively, are called isomorphic when there exists some function f
which is an isomorphism f : (X,*) → (X',*').

This  terminology  will  be  used  systematically  for  each  type  of 
morphism,  i.e.  for  morphisms  of  several  operations,  binary  or  otherwise. 
For  more  background  in  this  area  see  MacLane  and  Birkhoff  [28]. 
2.2 Machines

In  the  present  subsection  we  introduce  our  notation  and  review  some 
basic  notions  from  the  theory  of  asynchronous  machines.  An  asynchronous 
machine  is  activated  by  sequences  of  characters,  and  generates  sequences 
of  other  characters  in  response.  We  start  therefore  with  a  review  of  the 
basic  terminology  and  notation  related  to  sequences  of  characters. 

An alphabet is a finite non-empty set A; the elements of A are called
characters. A word w over an alphabet A is a finite and ordered (possibly
empty) string of characters from A. The empty word is usually denoted by
the symbol λ. The set of all words over A is denoted by A*, and we denote
by A+ the set of all non-empty words in A*. The length |w| of a word
w ∈ A* is the number of characters in w. The concatenation of two words
w_1, w_2 ∈ A* is a word w := w_1 w_2 in A*, obtained by appending the word
w_2 to the end of the word w_1. A non-empty word w_1 in A* is a prefix of a
word w_2 in A* if w_2 = w_1 w for some w ∈ A*; w_1 is a suffix of w_2 if
w_2 = w' w_1 for some w' ∈ A*. A non-empty word w_1 is a subword of a word
w_2 if w_2 = w w_1 w' for some w, w' ∈ A*; either w or w' could be empty.
Finally, a sentence is a non-empty collection of words of A+, and we shall
denote by S(A) the set of all sentences of the alphabet A.

We  now  turn  to  a  discussion  of  sequential  machines.  A  sequential 
machine  provides  a  mathematical  model  for  a  computing  device  with  finite 
memory.  A  sequential  machine  has  the  following  properties: 

1.  A  finite  set  of  inputs  which  can  be  applied  to  the  device  in  a 
sequential  order. 
2. A finite set of internal configurations the device can be in. These
are  referred  to  as  states,  and  in  the  physical  device  correspond  to  flip  flop 
settings  or  combinations  of  bits  in  memory. 

3.  The  present  internal  configuration  and  the  input  determine  the 
next  configuration  the  device  achieves.  If  the  device  is  deterministic,  the 
next  configuration  is  unique. 

4.  A  finite  set  of  outputs  which  are  determined  by  the  configuration  of 
the  device  or  the  configuration  of  the  device  plus  the  input. 

We  can  divide  sequential  machines  into  two  main  classes, 
asynchronous  machines  and  synchronous  machines.  In  an  asynchronous 
sequential  machine,  the  values  of  the  output  and  internal  variable  may  be 
read  at  any  time,  and  the  machine  reacts  to  input  changes  instantaneously. 
A  synchronous  machine  provides  its  output  and  internal  variable  values 
only  at  predetermined  "clock"  times,  and  its  input  variables  are  allowed  to 
change  only  at  these  clock  times.  Our  present  work  concentrates  on 
asynchronous  machines. 

A finite state machine Σ is determined by a quintuple (A,Y,X,f,h),
where A, Y, and X are finite non-empty sets, and f : X×A → X and
h : X×A → Y are partial functions. A point (x,u) ∈ X×A for which the partial
function f is defined is called a valid pair. The valid pairs simply indicate
which input values are permissible with a given state. In other words, the
set of valid pairs is the domain of the function f. The set A is called the
input alphabet of Σ; Y is the output alphabet; X is the state set; f is the
transition function; and h is the output function. We assume that an
initial state x_0 ∈ X is provided with Σ.

A machine Σ is said to be complete if its transition function f and
its output function h are functions rather than partial functions. A
deterministic finite state machine is often referred to as a Mealy machine.
A machine is referred to as a Moore machine if its output function does not
depend on the input variable.

A non deterministic finite state machine Σ = (A,Y,X,f,h) consists of
the following five objects:

1.) A finite, non-empty set A of allowable inputs called the input
alphabet.

2.) A finite, non-empty set Y of allowable outputs called the output
alphabet.

3.) A finite, non-empty set X of states. Any number of these states
can be designated as initial or terminal states.

4.) A non deterministic transition function f : β(X)×A → β(X), where
β(X) denotes the set of all subsets of X.

5.) A partial function h : X×A → Y, called the output function.

The state transition function f may accept sets of states as its values,
rather than only single states, i.e., f(x,a) = {x_1, ..., x_k}, where
x_1, ..., x_k ∈ X and a ∈ A. Deterministic finite machines are a special
subclass of non deterministic finite machines.

A machine Σ operates then as follows. It accepts an input sequence
u_0, u_1, u_2, ... of elements of the input set A, and creates a sequence of
states x_0, x_1, x_2, ... ∈ X and a sequence of output characters
y_0, y_1, y_2, ... according to the recursion

(2.2.1)    x_{k+1} = f(x_k, u_k),
           y_k = h(x_k),  k = 0, 1, 2, ...

Here, the integer k serves as the step counter. In an asynchronous
machine, the step counter advances by one every time there occurs a state
transition or a change in the input value. As usual, for consistency, we
assume that the functions f and h have the same domain. Clearly, every
machine that follows the recursion (2.2.1) represents a causal system.
When the output function h in (2.2.1) depends only on the state x_k (and
does not depend on the input value u_k), then the machine Σ induces a
strictly causal system.

Finally, we say that Σ is an input/state machine when y_k = h(x_k)
and h is a set isomorphism. In such case, the output at each step is
isomorphic to the state of the machine at that step.

Using the transition function f, we can define a partial function
f* : X×A+ → X by setting f*(x,u) := f(...f(f(f(x,u_0),u_1),u_2)...,u_k) for a
state x ∈ X and a permissible input list u = u_0 u_1...u_k ∈ A+. Thus, the
partial function f* provides the last state in the path generated by the input
string u. In the sequel, we shall somewhat abuse the notation and use the
symbol f for f* as well.

The following basic concept in the theory of asynchronous sequential
machines plays an important role in our discussion. A valid pair
(x,u) ∈ X×A of the machine Σ of (2.2.1) is a stable combination if f(x,u) = x.
Thus, for a stable combination (x,u), the state x does not change as long as
the input character is u. A state x for which there is a stable combination is
called a potentially stable state. States of Σ that are not potentially stable
serve only as transition states, and the machine can never stop or linger in
them. In idealized terms, the machine spends zero time in states that are
not potentially stable. Such states are of no practical consequence, and can
be ignored. The state sets of all the machines considered in the present
work contain only potentially stable states.

An  important  restriction  on  an  asynchronous  sequential  machine  is 
the  requirement  that  only  a  single  variable  affecting  the  operation  of  the 
machine  be  allowed  to  change  its  value  at  a  time.  A  machine  for  which  this 
requirement is satisfied is said to operate in fundamental mode. For a
machine  to  operate  in  fundamental  mode,  an  input  character  can  change 
only  after  the  machine  has  reached  a  stable  combination  (so  that  state  and 
input  variables  do  not  change  values  simultaneously);  and,  if  the  machine 
has  several  input  variables,  only  one  input  variable  may  change  at  a  time 
(e.g.,  Kohavi  [24]).  All  machines  and  machine  combinations  discussed  in 
this  work  operate  in  fundamental  mode. 

Consider the sequential machine Σ of (2.2.1). Let x be the state of
the machine and let u be its input value. If (x,u) is not a stable
combination, the machine Σ will go through a chain of transitions, which
may or may not terminate. In fundamental mode, the input value u must
be kept fixed while the chain of transitions is in progress. Clearly then, the
chain of transitions terminates if and only if a stable combination (x',u)
with the same input value u is encountered. When such a stable
combination is encountered, we call x' the next stable state of x with the
input value u. If a stable combination with the input value u is not
encountered during the chain of transitions that passes through the pair
(x,u), then the machine Σ possesses an infinite cycle. Machines with
infinite cycles are excluded from our present discussion.

As  mentioned  in  the  paragraph  following  (2.2.1),  the  step  counter  k 
advances  one  step  during  each  state  transition.  Thus,  if  there  are,  for 
example,  three  transitions  from   (x,u)   to  the  next  stable  combination   (x',u), 
then,  although  the  input  value  is  kept  fixed  at  u,  the  machine  is  driven  by 
the  input  list   uuu   in  the  course  of  the  resulting  transition  chain.  To 
simplify  our  notation,  we  shall  disregard  this  fact  in  our  ensuing 
discussion.  We  shall  assume  throughout  that  input  values  are  kept 
constant  during  all  transition  chains  (for  fundamental  mode  operation), 
and we shall count only the changes in the input value, rather than
counting  the  steps  of  the  machine. 

The notion of next stable state leads to the notion of the stable
transition function, which plays an important role in our discussion.
Consider again the machine Σ of (2.2.1), and assume it has no infinite
cycles. Then, every valid pair (x,u) of Σ has a next stable state x'. We can
then define a partial function s : X×A → X by setting s(x,u) := x' for every
valid pair (x,u), where x' is the next stable state of x with the input value
u. We call s the stable transition function of the machine Σ. Note that the
stable transition function describes the operation of the machine Σ in
fundamental mode, i.e., under the requirement that an input value be
changed only after the machine has reached a stable combination. This
guarantees that the state of the machine is fixed when the input value is
being changed.

The operation of an asynchronous sequential machine Σ is
determined by its stable transition function in the following way. The
machine always starts from a stable combination (x_0,u_{-1}), at which the
machine has been lingering for some time. Assume now that an input
string u := (u_0 u_1...u_k) ∈ A+ is applied to the machine. This causes the
machine to pass through a list x_1, ..., x_{k+1} of next stable states, where
x_{i+1} = s(x_i,u_i), so that (x_{i+1},u_i) is a stable combination,
i = 0, 1, ..., k. The input list u is permissible if (x_i,u_i) is a valid
combination for all i = 0, ..., k. In fundamental mode operation, the input
value is allowed to switch from u_i to u_{i+1} only after the stable
combination (x_{i+1},u_i) has been reached by the machine. This guarantees
that the state of the machine during which the input value changes is well
defined. The list of states {x_0, ..., x_{k+1}} is called the path induced by
the input string u from the state x_0. Note that the
intermediate states that the machine passes when moving from one stable
combination to the next are not included in the path. The corresponding
string of output characters generated by the input string u is
{y_0, ..., y_{k+1}}, where y_i = h(x_i), i = 0, ..., k+1. The fact that the
input values up to step k determine the output values up to step k+1 is an
indication of the strict causality of the machine.

Since the intermediate states the machine passes when going from
one stable combination to the next are ignored in practice, the operation of
the asynchronous sequential machine is best described by using the stable
transition function s rather than the original transition function f of Σ.
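
To make the passage from f to s concrete, the following Python sketch derives the stable transition function from a transition table, flags pairs that lie on an infinite cycle, and computes the path and output string induced by an input string. It is an added example, not code from this work; the three-state machine F, its output map H and all function names are constructed for illustration.

```python
class InfiniteCycle(Exception):
    """A transition chain that never reaches a stable combination."""


def next_stable_state(f, x, u):
    """Follow x -> f(x,u) -> ... with the input u held fixed
    (fundamental mode) until a stable combination f(x',u) = x' is met."""
    seen = set()
    while True:
        if (x, u) not in f:
            raise KeyError(f"({x!r}, {u!r}) is not a valid pair")
        nxt = f[(x, u)]
        if nxt == x:
            return x
        if x in seen:
            raise InfiniteCycle(f"cycle through state {x!r} under input {u!r}")
        seen.add(x)
        x = nxt


def stable_transition_function(f):
    """Return (s, cyclic): s maps each valid pair to its next stable
    state; cyclic collects the valid pairs whose chain never terminates."""
    s, cyclic = {}, set()
    for (x, u) in f:
        try:
            s[(x, u)] = next_stable_state(f, x, u)
        except InfiniteCycle:
            cyclic.add((x, u))
    return s, cyclic


def induced_path(s, h, x0, inputs):
    """Path x_0, ..., x_{k+1} with x_{i+1} = s(x_i, u_i), and the output
    string y_i = h(x_i). Intermediate unstable states do not appear."""
    path = [x0]
    for u in inputs:
        if (path[-1], u) not in s:
            raise ValueError(f"input {u!r} is not permissible at {path[-1]!r}")
        path.append(s[(path[-1], u)])
    return path, [h[x] for x in path]


# Constructed machine: every state is potentially stable, and the input
# 'c' drives states 2 and 3 into an infinite cycle.
F = {
    (1, "a"): 1, (1, "b"): 2, (1, "c"): 1,
    (2, "a"): 2, (2, "b"): 3, (2, "c"): 3,
    (3, "a"): 1, (3, "b"): 3, (3, "c"): 2,
}
H = {1: "p", 2: "q", 3: "r"}   # output depends on the state only

if __name__ == "__main__":
    s, cyclic = stable_transition_function(F)
    print("s(1,b) =", s[(1, "b")])        # chain 1 -> 2 -> 3 collapses to 3
    print("infinite cycles at:", sorted(cyclic))
    print(induced_path(s, H, 1, "bab"))
```

A machine for which the second return value is non-empty falls outside the class treated here, since machines with infinite cycles are excluded from the discussion.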

In formal terms, we use the stable transition function $s$ to induce the
sequential machine $\Sigma_{|s}$ that has the same input character set, the same
output character set, the same state set, and the same output function as $\Sigma$,
but its transition function is the stable transition function $s$ of $\Sigma$. The
machine $\Sigma_{|s}$ is called the stable state machine induced by $\Sigma$, and it is
determined by the quintuple $(A,Y,X,s,h)$. The initial state of $\Sigma_{|s}$ is taken
as the initial state of $\Sigma$.

Using the stable transition function $s$, we can define a partial
function $s^* : X \times A^+ \to X$ by setting
$s^*(x,u) := s(\ldots s(s(s(x,u_0),u_1),u_2)\ldots,u_k)$
for a state $x \in X$ and a permissible input list $u = u_0 u_1 \ldots u_k \in A^+$, just as
done for the case of the transition function $f$ earlier. The partial function
$s^*$ provides the last state in the path generated by the input string $u$. We
shall somewhat abuse the notation and use the symbol $s$ for $s^*$ below.

We can define a partial function $h^* : X \times A^+ \to Y$ in a similar
manner by setting $h^*(x,u) := h(\ldots s(s(s(x,u_0),u_1),u_2)\ldots,u_k)$ for a state
$x \in X$ and a permissible input list $u = u_0 u_1 \ldots u_k \in A^+$, just as done for the
case of the stable transition function $s$ earlier. The partial function $h^*$
provides the last output generated by the input list $u$.

We can provide the entire output list by defining a function
$h^+ : X \times A^+ \to Y^+$, where $h^+(x,u'u) := h(x,u')h^+(s(x,u'),u)$ for an input
list $u \in A^+$, a character $u' \in A$, and a state $x \in X$. We could define the
output functions $h^*$ and $h^+$ using the transition function $f$ instead of the
stable transition function $s$; however, outputs are normally only valid in
stable combinations of a machine, thus we use the stable transition
function to define $h^*$ and $h^+$ here.

It is sometimes necessary to compare two different sequential
machines; we start by comparing states of a machine. Two states $x$ and $x'$
of $\Sigma$ are distinguishable whenever there exists at least one finite input list
which, when applied to $\Sigma$, causes different output sequences depending on
whether $x$ or $x'$ is the initial state. Two states $x$ and $x'$ of a machine $\Sigma$
are equivalent whenever, for every possible input sequence, the same output
sequence will be produced regardless of whether $x$ or $x'$ is the initial
state.

Qualitatively, two states are equivalent if we cannot distinguish them
by tests of input/output behavior on the machines concerned. If two states
are equivalent, then so are the states they are taken into by an input string.
If a machine $\Sigma$ contains two equivalent distinct states, then one of these
states is redundant, and can be omitted from the machine. A machine $\Sigma$ is
minimal or in reduced form if there are no distinct states in its state space
which are equivalent to each other.

Now consider two machines $\Sigma = (A,Y,X,f,h)$ and
$\Sigma' = (A',Y',X',f',h')$. The two machines $\Sigma$ and $\Sigma'$ are equivalent whenever,
for every state in $\Sigma$, there is a corresponding equivalent state in $\Sigma'$, and
for every state in $\Sigma'$, there is a corresponding equivalent state in $\Sigma$. A
state $x$ of $\Sigma$ covers a state $x'$ of $\Sigma'$ if every input sequence applicable to
$x'$ is also applicable to $x$, and the application of an input sequence to both
$\Sigma$ and $\Sigma'$ when they are initially in $x$ and $x'$ respectively, results in
identical output sequences. A machine $\Sigma$ covers a machine $\Sigma'$ whenever for
every state $x'$ of $\Sigma'$ there is a corresponding state $x$ of $\Sigma$ such that $x$
covers $x'$.

There are many good texts on various aspects of machines and
automata theory; some are: Arbib [1], Eilenberg [11], Evans [12], Kalman,
Falb, and Arbib [23], Kohavi [24], McCluskey [32].

2.3  Races 

One  problem  with  the  design  of  asynchronous  sequential  machines  is 
the  presence  of  hazards  and  races.  These  problems  arise  due  to  the  unequal 
propagation  delays  of  different  gates  or  delays  in  the  signal  paths  of  the 
combinational  logic  used  in  the  asynchronous  circuits.  Static  hazards  are 
incorrect  output  changes  in  combinational  logic  that  occur  between 
changes  of  essential  implicants.  Critical  races  occur  when  two  or  more
feedback  signals  (signals  representing  the  internal  memory)  change 
together.  Essential  hazards  are  critical  races  between  an  input  signal 
change  and  a  feedback  signal  change.  The  present  work  concentrates  on 
correcting  the  problems  associated  with  critical  races. 

Our present work is within the context of computer engineering. In
that context, sequential machines are implemented using digital circuits,
which can only express an alphabet consisting of two characters, usually
denoted 0 and 1. The implementation is achieved by the use of digital flip
flops and logical gates. The set of states $X$ then is represented by a family of
words made from the characters 0 and 1. The process of assigning these
words to the states is the process of state assignment. The state assignment
determines whether or not the resulting implementation will have races. A
race will result whenever the state assignment is such that a transition
occurs between two states whose word representations differ by more than
one character.

We turn now to a brief review of the notion of a race, one of the critical
concepts in the theory of implementation for asynchronous sequential
machines (e.g., Kohavi [24]). Recall that a race is a situation in an
asynchronous sequential machine when two or more variables must
change their value simultaneously. In practice, stray delays and the
non-ideal characteristics of electronic devices make it impossible to achieve
such a simultaneous change, and the variables will change sequentially.
Moreover, it is usually impossible to predict the order in which the
variables will change sequentially. A race is a critical race if the next stable
state (or the next stable output value) of the machine depends upon the
order in which the internal variables change. For a critical race, there are
then several possible next stable states. Otherwise, the race is
non-critical. A non-critical race does not affect the operation of the machine.
Since the order in which the variables change their values is unpredictable,
a critical race makes the response of the machine unpredictable as the
machine passes through the race. A machine with a critical race will then
have an unpredictable response for certain state-input combinations. A
state-input pair $(x,u)$ for which the next state of the machine is
unpredictable is called a critical race pair, or, briefly, a critical race.
Asynchronous sequential machines are always designed with the objective
of obtaining a machine with no critical races. Nevertheless, a critical race
may occur in a machine as a result of a malfunction, an implementation
fault, or a design fault.

Consider then a machine with a single critical race pair $(x,u)$. When
the machine is at the state $x$ and receives the input value $u$, the next state
of the machine can be one of several options. Let $\{x_1, \ldots, x_q\}$ be the set of all
possible next states the machine may assume as a result of the pair $(x,u)$.
The states $x_1, \ldots, x_q$ are called the outcomes of the race. We then build a
family $M = \{\Sigma_1, \ldots, \Sigma_q\}$ of $q$ sequential machines, all having the same
input set, the same output set, the same state set, and the same output
function; and whose transition functions are identical at all points except
for the critical race pair $(x,u)$. At this point the value of the transition
function $f_i$ of the machine $\Sigma_i$ is defined by $f_i(x,u) := x_i$, $i = 1, \ldots, q$. In this
way, each one of the members of the family $M$ represents the behavior of
our underlying sequential machine for one possible outcome of the race.
Each individual member of $M$ has, of course, no critical races. We shall
refer to the family $M$ as a critical race family of sequential machines. All
the discussion of the present paper revolves around the notion of a critical
race family.

Of course, a sequential machine may have more than one critical
race, and a family of sequential machines can be built to represent such
multiple critical races. The present work, however, is devoted to the study of
critical race families that model the effects of a single critical race.

Next we discuss the effect of a critical race on the stable state
machine $\Sigma_{|s}$ induced by a machine $\Sigma$.

(2.3.1) PROPOSITION. Let $\Sigma = (A,Y,X,f,h)$ be a machine, and let the pair
$(x,u) \in X \times A$ be a critical race in $\Sigma$. The critical race $(x,u)$ has no effect on
the stable combinations of $\Sigma$.
PROOF. Let $z_1, z_2, \ldots, z_n \in \{0,1\}$ represent the internal variables of the
states of the machine $\Sigma$. Recall a stable combination $(x',u')$ is a pair for
which the transition function is defined by $f(x',u') = x'$. In more specific
terms, a stable combination is a state/input combination $(z_1 z_2 \ldots z_n, u')$
where the transition function defined at the combination $(z_1 z_2 \ldots z_n, u')$,
$f(z_1 z_2 \ldots z_n, u') = z_1 z_2 \ldots z_n$, requires no changes in any of the values of the
$z_i$, $i = 1, \ldots, n$. Thus, since there are no changes in any of the internal memory
variables at a stable combination, a critical race cannot occur at a stable
combination and cannot affect any of the stable combinations of a machine.
♦

We will use the result of Proposition (2.3.1) to show that a critical race
does not alter the number of potentially stable states of a machine. First we
make an observation on the state assignment of a state with more than one
internal variable coding.

Consider the machine $\Sigma = (A,Y,X,f,h)$ of Proposition (2.3.1) and let
$x \in X$ be a state of $\Sigma$. The state $x$ may have more than one internal coding,
i.e. the internal variable representation $z_1 z_2 \ldots z_n$ of $x$ may have a set of
values all corresponding to the state $x$ in $\Sigma$. Suppose that two of these
codings differ by more than one internal variable, for instance let $n = 2$ and
say $x$ is coded internally by 00 and 11. We could then have a critical race
occur in a transition from a state to itself, i.e. $f(00,u) = 11$ and $f(11,u) = 11$.
We can ignore the possibility of something like $f(00,u) = 11$ and $f(11,u) = 00$,
because this is an unstable cycle which we have excluded from this
discussion. To avoid having to refer to the internal codings, $z_1 z_2 \ldots z_n$,
instead of the representation of the state, $x$, in the rest of this work it is
assumed that when there are multiple codings of the same state, any
transitions from the state to itself do not involve the change of more than
one internal variable. Thus in this discussion a critical race will not appear
in a transition from a state to itself. This assumption will not limit any of
our results. All the results in this work are valid for a critical race in a
transition between a state and itself, but notationally it is much simpler to
exclude this case.

(2.3.2) PROPOSITION. Let $\Sigma = (A,Y,X,f,h)$ be a machine and let the pair
$(x,u) \in X \times A$ be a critical race in $\Sigma$. The critical race $(x,u)$ does not change
the number of potentially stable states of $\Sigma$.

PROOF. Proposition (2.3.2) is a direct result of Proposition (2.3.1). Recall
that for a potentially stable state $x' \in X$, there is an input $u' \in A$ such that
$f(x',u') = x'$; qualitatively, a potentially stable state $x'$ has at least one stable
combination. Since a critical race cannot affect a stable combination, the
potentially stable states are unaltered. ♦

Proposition  (2.3.2)  implies  that  all  members  of  any  critical  race 
family  of  machines  have  the  same  number  of  potentially  stable  states.  This 
result  is  necessary  for  the  method  of  comparison  we  use  between  machines. 

Next we look at how the stable transition function is affected by a
critical race. Let $\Sigma = (A,Y,X,f,h)$ be a machine and let the pair $(x,u) \in X \times A$
be a critical race in $\Sigma$. Let $\Sigma_{|s} = (A,Y,X,s,h)$ be the stable state machine
induced by $\Sigma$. Pick a potentially stable state $x' \in X$ and an input value
$u' \in A$ for which $(x',u')$ is a valid pair. If the next stable state reached by $\Sigma$
from $(x',u')$ encounters the critical race $(x,u)$ at some intermediate point,
then the point $(x',u')$ is a critical race of the stable state machine $\Sigma_{|s}$. All
stable transitions which encounter the critical race at an intermediate
point are affected and become critical races in the stable state machine.
When $\Sigma$ is operating in fundamental mode, a critical race $(x,u)$ in $\Sigma$ may
induce up to $\#X$ critical races in $\Sigma_{|s}$, at various points all with the same
input value $u$. Whenever $\Sigma$ is a direct transition machine, i.e. the stable
transition function and the transition function are identical, each critical
race in $\Sigma$ induces one critical race in $\Sigma_{|s}$ at the same point.
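
The construction of Section 2.3 can be carried out mechanically. The following is an added example, not code from the thesis: the five-state machine, its input characters and the race pair (x2, b) with outcomes x3 and x4 are all constructed for illustration. It builds the critical race family, checks Propositions (2.3.1) and (2.3.2) on it, and lists the critical races induced in the stable state machine.

```python
# Added illustration (not from the thesis): a constructed five-state machine
# with one critical race pair, expanded into its critical race family.

# Transition function f at every point except the race pair. A pair (x, u)
# with f(x, u) == x is a stable combination. All values are constructed.
F_BASE = {
    ("x1", "a"): "x1", ("x1", "b"): "x2",
    ("x2", "a"): "x2",
    ("x3", "a"): "x3", ("x3", "b"): "x3",
    ("x4", "a"): "x4", ("x4", "b"): "x4",
    ("x5", "a"): "x1", ("x5", "b"): "x5",
}
RACE_PAIR = ("x2", "b")      # the critical race pair (x, u)
OUTCOMES = ["x3", "x4"]      # possible next states x_1, ..., x_q of the race


def race_family(f_base, race_pair, outcomes):
    """One transition table per outcome: f_i(x, u) := x_i, identical elsewhere."""
    return [{**f_base, race_pair: x_i} for x_i in outcomes]


def stable_transition(f, x, u):
    """Return s(x, u): hold u fixed and follow f until f(x', u) == x'.

    Returns None when (x, u) is not a valid pair or the chain never settles
    (an unstable cycle, which the text excludes from the discussion).
    """
    seen = set()
    while (x, u) in f and x not in seen:
        nxt = f[(x, u)]
        if nxt == x:
            return x
        seen.add(x)
        x = nxt
    return None


def stable_combinations(f):
    """All pairs (x, u) with f(x, u) == x."""
    return {(x, u) for (x, u), nxt in f.items() if nxt == x}


def potentially_stable_states(f):
    """States that have at least one stable combination."""
    return {x for (x, _u) in stable_combinations(f)}


def induced_races(family):
    """Pairs (x', u') of the stable state machine whose next stable state
    depends on which member of the family is the actual machine."""
    first = family[0]
    starts = potentially_stable_states(first)
    races = {}
    for (x, u) in sorted(first):
        if x not in starts:
            continue
        results = [stable_transition(f, x, u) for f in family]
        if len(set(results)) > 1:
            races[(x, u)] = results
    return races


FAMILY = race_family(F_BASE, RACE_PAIR, OUTCOMES)

if __name__ == "__main__":
    same = all(stable_combinations(f) == stable_combinations(FAMILY[0])
               for f in FAMILY)
    print("stable combinations identical across the family:", same)
    for pair, results in induced_races(FAMILY).items():
        print("critical race in the stable state machine at", pair,
              "with outcomes", results)
```

The stable transition from (x1, b) passes through the race pair, so it appears as a second critical race of the stable state machine, with the same input value b.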


CHAPTER  3 
CONTROLLERS 


3.1  Controllers 


As discussed earlier, our objective is to build a controller that will
eliminate the effects of a critical race, and we turn now to a somewhat more
detailed discussion of controllers. Consider again the sequential machine
$\Sigma$ described by (2.2.1). As can be seen from figure (1.1), a controller $C$
for $\Sigma$ has two input variables, the first one for the external reference input
$v$, and the second one for the feedback variable $y$. To simplify notation, we
shall assume that the value set of the external reference variable $v$ is identical
to the input set $A$ of $\Sigma$. Then, the input set of $C$ is the cross product set
$A \times Y$, while the output value set of $C$ must be $A$, since the output of $C$
serves as the input of $\Sigma$ in the configuration (1.1). We shall denote by $\Xi$ the
state set of the controller, and use the letters $\varphi$ and $\eta$ to denote its
transition and output functions, respectively. In other words, the controller
is a sequential machine $C = (A \times Y, A, \Xi, \varphi, \eta)$.

The machine represented by the closed loop system (1.1) is denoted by
$\Sigma_c$. In view of our conventions, the input set of $\Sigma_c$ is $A$, and its output set is
$Y$, equal to the output set of the original machine $\Sigma$. The state set of $\Sigma_c$ is
the cross product set $X \times \Xi$. The transition function of the closed loop system
$\Sigma_c$ is determined by the transition functions of $\Sigma$ and $C$, and we shall
calculate it later. In view of the fact that the output of the closed loop system
is in fact the output of $\Sigma$, the output function of $\Sigma_c$ is directly determined by
the output function $h$ of $\Sigma$.

Several issues arise when the control loop is closed around the
system $\Sigma$ in (1.1). The first issue is to guarantee that the closed loop is well
posed, i.e., that all signals are uniquely and causally determined by the
external reference signal $v$. A closed loop system, in this case the closed
loop system $\Sigma_c$, is well posed when either the machine $\Sigma$ or the controller
$C$ is strictly causal and the other is causal. In this work the machine $\Sigma$ to
be controlled is assumed to be strictly causal. Therefore, as long as the
controller $C$ is causal, the closed loop system is well posed. This condition
is satisfied in our setup, since the machine $\Sigma$ of (1.1) represents a strictly
causal system (see e.g. Hammer [14] for details).

Another important consideration is the requirement that the closure
of the control loop around $\Sigma$ through the controller $C$ not give rise to
critical races. To guarantee that no new critical races arise through the
closure of the loop, we shall require that the machines $\Sigma$ and $C$ operate in
fundamental mode within the closed loop configuration. To fulfill this
requirement, the controller $C$ will be designed to satisfy the following
conditions.

(i) Starting from a stable combination, and in response to a change in the
external reference input variable $v$ of $C$, the output value of the controller
does not change until the controller reaches its next stable state.
(ii) In response to changes in the output $y$ of $\Sigma$, the controller $C$ does not
commence any state transitions until it identifies that $\Sigma$ has reached the
next stable state.

When these requirements are met, the systems $\Sigma$ and $C$ will not
simultaneously engage in state transitions; furthermore, while one of the
systems $\Sigma$ or $C$ is engaged in state transitions, its input values will
remain fixed, and, for $C$, only one input variable will change at a time. Of
course, the system must be operated so that the rate of changes of the
external reference variable $v$ is slow enough to allow the closed loop
system to reach its next stable state before a new input change occurs. This
is a standard requirement in the operation of asynchronous sequential
machines.

One method of ensuring that the controller output remains fixed
during state transitions is to have all controller state transitions be direct
transitions. In other words, the controller is constructed so that all state
transitions go directly to the next stable state without passing through any
transitional states.

We are now in a position to formally state the main problem
discussed in the present paper. Let $M = \{\Sigma_1, \ldots, \Sigma_q\}$ be a critical race family
of sequential machines, where each member of $M$ has the input set $A$, the
output set $Y$, and a state set of cardinality $n$. For a controller $C$, denote by
$\Sigma_{ic}$ the closed loop system with $\Sigma_i$ inserted for $\Sigma$ in figure (1.1), and
denote by $\Sigma_{ic|s}$ the stable state machine induced by the machine $\Sigma_{ic}$. Now,
let $\Sigma$ be a given sequential machine with a stable transition function,
having the input set $A$, the output set $Y$, and a state set of cardinality $n$.
Then, our main objective is to find a controller $C$ for which the closed loop
configuration (1.1) satisfies the condition $\Sigma_{ic|s} = \Sigma$ for all $i = 1, \ldots, q$. We
shall refer to this problem as the model matching problem. A controller $C$
that solves the model matching problem eliminates the effects of the critical
race, since the input/output behavior of the closed loop system is always
given by the desired model $\Sigma$, and does not depend on the outcome of the
race.

In the present paper, we consider the model matching problem only
for the case where the family $M$ consists of input/state machines, i.e., for
the case where the output of each machine $\Sigma_i$, $i = 1, \ldots, q$, is isomorphic to
its state.

Note that in our statement of the model matching problem, the
desired model $\Sigma$ has a state set of cardinality equal to that of the state set of
the family $M$. This requirement reflects our objective of designing a
controller that restores a faulty asynchronous machine to an originally
intended model. The faulty machine has the same number of states as the
intended model.


CHAPTER  4 
REACHABILITY 


4.1  Reachable  and  Stably  Reachable  States

Reachability  deals  with  the  characterization  of  the  set  of  all  states 
that  can  be  reached  from  a  given  state  in  a  sequential  machine,  by  applying 
a  list  of  input  characters.  In  the  present  section  we  develop  some 
characterizations  of  reachability  that  will  play  a  critical  role  in  our 
derivation  of  necessary  and  sufficient  conditions  for  the  existence  of 
controllers  that  negate  the  effects  of  critical  races.  We  start  with  some  basic 
facts. 

Consider a sequential machine $\Sigma$ described by (2.2.1), and let
$x, x' \in X$ be two states of the machine. We say that the state $x'$ is reachable
from the state $x$ if there is an input list $u = u_0 u_1 \ldots u_k \in A^+$ for which
$f(x,u) = x'$, i.e., if the machine can be driven from $x$ to $x'$. Note that for this
definition the list $u$ is required to be non empty. The state $x$ is controllable
to the state $x'$ whenever $x'$ is reachable from $x$.

A similar notion can also be defined for the stable state machine $\Sigma_{|s}$
induced by the machine $\Sigma$. Let $s$ be the stable transition function of $\Sigma$, and
let $x$ and $x'$ be two potentially stable states of $\Sigma$. We say that the state $x'$ is
stably reachable from the state $x$ if there is an input list $u = u_0 u_1 \ldots u_k \in A^+$
for which $x' = s(x,u)$. In view of the definition of the stable transition
function $s$ of $\Sigma$, the set of stably reachable states is exactly the set of all
states that can be reached from $x$ while the machine $\Sigma$ is operated in
fundamental mode. Again, note that for this definition the list $u$ is
required to be non empty. The state $x$ is stably controllable to the state $x'$
whenever $x'$ is stably reachable from $x$. This leads to the following
definitions.

A machine $\Sigma = (A,Y,X,f,h)$ is connected whenever every state $x \in X$
is reachable from the initial state of $\Sigma$; the machine $\Sigma = (A,Y,X,f,h)$ is
stable connected whenever every state $x \in X$ is stably reachable from the
initial state of $\Sigma$. A machine $\Sigma = (A,Y,X,f,h)$ is strongly connected
whenever every state $x \in X$ is reachable from every other state of $\Sigma$; the
machine $\Sigma = (A,Y,X,f,h)$ is strongly stable connected whenever every state
$x \in X$ is stably reachable from every other state of $\Sigma$.

The following statement is a simple consequence of the fact that the
state set $X$ of $\Sigma$ is of finite cardinality (denoted by $\#X$). It shows that,
starting at $x$, one can reach any stably reachable state in at most $(\#X - 1)$
steps.

(4.1.1) LEMMA. Let $\Sigma$ be an asynchronous sequential machine of the form
(2.2.1), having the state set $X$ and the stable transition function $s$. Let
$x, x' \in X$ be states, and assume that $x'$ is stably reachable from $x$. Then, there
is an input list $u$ of length not exceeding $(\#X - 1)$, for which $x' = s(x,u)$.
PROOF. Since $x'$ is stably reachable from $x$, there is, by definition, an
input list $u' = u_0 u_1 \ldots u_k$ such that $x' = s(x,u')$. Now, if $|u'| < \#X$, simply
set $u := u'$. Otherwise, denote $x_{j+1} := s(x_j,u_j)$, where $x_0 := x$ and $x_{k+1} := x'$,
and consider the list of states $x_0, x_1, \ldots, x_{k+1}$, which contains $k+2$
elements. Since altogether there are only $\#X$ states and $k+2 > \#X$, at least
one state must appear more than once in the list. Let then $i < j$ be integers
such that $x_i = x_j$, and consider the input list $w := u_0 u_1 \ldots u_{i-1} u_j \ldots u_k$ (or
simply $w := u_j \ldots u_k$ when $i = 0$). A slight reflection then shows that we
have eliminated a cycle, and we still have $x' = s(x,w)$. Clearly, $|w| < |u'|$,
and this process can be repeated until an input sequence $u$ satisfying
$x' = s(x,u)$ and $|u| \le \#X - 1$ is obtained. ♦

Consider for a moment an input list $u = u_0 u_1 \ldots u_k \in A^+$ for which
$x' = s(x,u)$, where $s$ is the stable transition function of the machine $\Sigma$. The
definition of $s$ implies then that the pair $(x',u_k)$ is a stable combination.
Now, let $w \in A$ be any input character for which $(x',w)$ is a stable
combination. We can concatenate the input list $u$ with $w$ to obtain the
input list $u' := uw$, which still has the property that $x' = s(x,u')$. Thus, the
last character of the input list that takes the machine from $x$ to $x'$ can be
selected to be any input character that forms a stable combination with the
stably reached state $x'$. This will, however, increase the length of the input
list by one step.

In  the  rest  of  this  work,  results  are  generated  using  the  notion  of 
stably  reachable  and  the  stable  transition  function.  In  practice,  due  to 
timing  problems,  inputs  can  only  be  changed  when  a  machine  is  in  a  stable 
combination,  i.e.  fundamental  mode.  The  controller,  then,  can  only  change 
inputs  to  the  machine  it  is  controlling  when  the  machine  is  in  a  stable 
combination,  and  thus  the  controller  can  only  affect  the  stable  transitions  of 
the  machine  it  is  controlling. 

4.2  Reachability  Sets

Using  the  notions  of  reachability  and  stable  reachability,  we 
introduce  the  notion  of  a  reachability  set.  Briefly  stated,  the  reachability  set 
of  a  state  x  contains  all  the  states  reachable  from  x. 

Let $\Sigma = (A,Y,X,f,h)$ be a machine, and let $\#X = n$. Let $x$ be a state of
$\Sigma$. The one-step reachability set $r(x)$ of the state $x$ is the set of all states of
$\Sigma$ reachable from the state $x$ in one step.

(4.2.1)  $r(x) = \{\, x' \mid x' \in X \text{ and } \exists\, u \in A \text{ such that } f(x,u) = x' \,\}$

We define the m-step reachability set $r^{m}(x)$ as the set of all states of
$\Sigma$ reachable from $x$ in exactly $m$ steps.

(4.2.2)  $r^{m}(x) = \{\, x' \mid x' \in X \text{ and } \exists\, w \in A^+,\ |w| = m, \text{ such that } f(x,w) = x' \,\}$

Now, let $m > 1$ be an integer. In order to determine the states that
can be reached in $m$ or less transition steps for the machine $\Sigma$, we
construct the set

(4.2.3)  $r^{(m)}(x) := \bigcup_{i = 1, \ldots, m} r^{i}(x)$

The set $r^{(m)}(x)$ contains all states reachable from $x$ in $m$ or less
steps.

Similarly to Lemma (4.1.1), if there is a state reachable from $x$ in the
machine $\Sigma$ then it is reachable in $(n-1)$ or less steps. This directly implies
the following fact.

(4.2.4) PROPOSITION. Let $\Sigma$ be a sequential machine with a state set
consisting of $n$ states. The set of all states reachable from the state $x$ for
the machine $\Sigma$ is the set $r^{(n-1)}(x)$.

We will denote the set of all states reachable from a state $x$ in $\Sigma$ by
the set $r_{\Sigma}(x)$. We will refer to this set as the reachability set of the state $x$.

(4.2.5)  $r_{\Sigma}(x) = \{\, x' \mid x' \in X \text{ and } \exists\, w \in A^+ \text{ such that } f(x,w) = x' \,\}$

We can now restate our definition of a connected and a strongly
connected machine in terms of the reachability set. Consider a machine
$\Sigma = (A,Y,X,f,h)$, and let $x_0$ be the initial state of $\Sigma$. The machine $\Sigma$ is
connected whenever $r_{\Sigma}(x_0) = X$. The machine $\Sigma$ is strongly connected
whenever $r_{\Sigma}(x) = X$ for all $x$ in $\Sigma$.

A similar notion to the reachability set can be described for the stable
state machine $\Sigma_{|s}$ induced by the machine $\Sigma$. Let $s$ be the stable
transition function of $\Sigma$.

The one-step stable reachability set $r_{|s}(x)$ of a potentially stable state
$x$ is the set of all potentially stable states of $\Sigma$ stably reachable from the
state $x$ in one step.

(4.2.6)  $r_{|s}(x) = \{\, x' \mid x' \in X \text{ and } \exists\, u \in A \text{ such that } s(x,u) = x' \,\}$

We define the m-step stable reachability set $r^{m}_{|s}(x)$ as the set of all
potentially stable states of $\Sigma$ stably reachable from a potentially stable state
$x$ in exactly $m$ steps.

(4.2.7)  $r^{m}_{|s}(x) = \{\, x' \mid x' \in X \text{ and } \exists\, w \in A^+,\ |w| = m, \text{ such that } s(x,w) = x' \,\}$

Now, let $m > 1$ be an integer. In order to determine the potentially
stable states that can be stably reached in $m$ or less stable transition steps
for the machine $\Sigma$, we construct the set

(4.2.8)  $r^{(m)}_{|s}(x) := \bigcup_{i = 1, \ldots, m} r^{i}_{|s}(x)$

The set $r^{(m)}_{|s}(x)$ contains all potentially stable states which are stably
reachable from a potentially stable state $x$ in $m$ or less steps.

Again, in view of Lemma (4.1.1), if there is a state stably reachable
from a potentially stable state $x$ in the machine $\Sigma$ then it is stably
reachable in $(n-1)$ or less steps. This leads to the following fact.

(4.2.9) PROPOSITION. Let $\Sigma$ be a sequential machine with a state set
consisting of $n$ states. The set of all states stably reachable from the
potentially stable state $x$ for the machine $\Sigma$ is the set $r^{(n-1)}_{|s}(x)$.

We will denote the set of all potentially stable states stably reachable
from a potentially stable state $x$ in $\Sigma$ by the set $r_{\Sigma|s}(x)$. We will refer to
this set as the stable reachability set of the potentially stable state $x$.

(4.2.10)  $r_{\Sigma|s}(x) = \{\, x' \mid x' \in X \text{ and } \exists\, w \in A^+ \text{ such that } s(x,w) = x' \,\}$


4.3  The  Matrix  of  Stable  Transitions 

Another useful way of looking at the stable reachability of a machine is through a matrix of inputs for the stable transitions of the machine. We create now a matrix that represents the set of all possible stable transitions for an asynchronous sequential machine $\Sigma$. Let $X = \{x_1, \ldots, x_n\}$ be the state set of $\Sigma$, so that the cardinality $\#X = n$, and let $s$ be the stable transition function of $\Sigma$. For every pair of states $x_i, x_j \in X$, let $U_{ij}$ be the set of all input characters $u \in A$ for which $s(x_i,u) = x_j$; i.e., $U_{ij}$ consists of all input characters $u$ that take $\Sigma$ from the state $x_i$ to the state $x_j$ in one stable transition (although several unstable transitions may occur along the way). Of course, when there is no character $u$ satisfying $s(x_i,u) = x_j$, one has $U_{ij} = \emptyset$, the empty set. Then, the matrix $R(\Sigma)$ of one-step stable transitions is an $n \times n$ matrix having the entries $R_{ij}(\Sigma)$ as follows: When $U_{ij} \ne \emptyset$, set $R_{ij}(\Sigma) := U_{ij}$; if $U_{ij} = \emptyset$, write $R_{ij}(\Sigma) := N$ to indicate that there is no one-step stable transition from the state $x_i$ to the state $x_j$.

Generally speaking, the matrix $R(\Sigma)$ is a matrix whose entries are either sets of words of the input set $A$, or the extra character $N$. In other words, the entries of $R(\Sigma)$ are taken from the set $S(A) \cup N$, where $S(A)$ is the set of sentences over the alphabet $A$. We introduce now a binary operation on such matrices that resembles matrix multiplication. First, some preliminaries. Let $U_1$ and $U_2$ be two elements of $S(A) \cup N$. Then, the concatenation $\mathrm{conc}(U_1,U_2)$ of $U_1$ and $U_2$ is another element of the same set $S(A) \cup N$, given as follows. If either $U_1$ or $U_2$ is the character $N$, we set $\mathrm{conc}(U_1,U_2) := N$. Otherwise, let $u_{11}, \ldots, u_{1p}$ be the words of $U_1$, and let $u_{21}, \ldots, u_{2r}$ be the words of $U_2$. Then, $\mathrm{conc}(U_1,U_2) := \bigcup_{i = 1, \ldots, p;\ j = 1, \ldots, r} u_{1i}u_{2j}$. As we can see, this concatenation operation is non-commutative, and the character $N$ takes the role of a "zero" for this operation. In line with this observation, given a sentence $a \in S(A)$, we define the union $a \cup N := a$ and $N \cup N := N$, so that the character $N$ is omitted in a union with words.

Now, let $V$ and $W$ be two $n \times n$ matrices over the set $S(A) \cup N$, with entries $V_{ij}$ and $W_{ij}$, $i, j = 1, \ldots, n$, respectively. Then, the product $Z := VW$ of $V$ and $W$ is another $n \times n$ matrix over the set $S(A) \cup N$, whose entries $Z_{ij}$ are given by

(4.3.1)  $Z_{ij} := \bigcup_{k = 1, \ldots, n} \mathrm{conc}(V_{ik}, W_{kj}), \quad i, j = 1, \ldots, n.$

We can now define powers of the matrix $R(\Sigma)$ in the usual way, by setting

(4.3.2)  $R^{m}(\Sigma) := R^{m-1}(\Sigma)\,R(\Sigma)$

for all integers $m \ge 2$. Then, a slight reflection shows that the $(i,j)$ entry of $R^{m}(\Sigma)$ consists of all input lists that take the machine $\Sigma$ from the state $x_i$ to the state $x_j$ in exactly $m$ stable transitions. Note that the actual number of transitions of $\Sigma$ may be larger than $m$, since a transition chain may occur along any stable transition. Also, following our convention, the integer $m$ indicates here the number of distinct input values that need to be applied to the machine $\Sigma$ in order to drive it from $x_i$ to $x_j$, $i \ne j$, and it does not correspond to the number of steps of the machine. Each input value must be kept constant until the machine reaches its next stable state, so as to obtain fundamental mode operation. Note however that when $i = j$, no changes in the input value are necessary, since the machine starts from a stable combination of the state $x_i$, and will dwell at the state until an input value that does not form a stable combination with $x_i$ is applied. We shall refer to $R^{m}(\Sigma)$ as the matrix of m-step stable transitions. Here is a simple example for calculating powers of $R(\Sigma)$.

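(4.3.3)  EXAMPLE. Let $a$, $b$, $c$ be characters in the input alphabet $A$, and consider the matrix

$R = \begin{pmatrix} \{a,b\} & \{c\} \\ N & \{b,c\} \end{pmatrix}$

Then,

$R^{2}(\Sigma) = R(\Sigma)\,R(\Sigma) = \begin{pmatrix} \{aa,ab,ba,bb\} & \{ac,bc,cb,cc\} \\ N & \{bb,bc,cb,cc\} \end{pmatrix}.$  ♦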

Now, let $m \ge 1$ be an integer. In order to determine whether or not the state $x_j$ can be reached from the state $x_i$ in $m$ or fewer stable transition steps for the machine $\Sigma$, we construct the matrix

(4.3.4)  $R^{(m)}(\Sigma) := \bigcup_{i = 1, \ldots, m} R^{i}(\Sigma),$

whose $i,j$ entry is the union of the $i,j$ entries of the matrices $R(\Sigma), \ldots, R^{m}(\Sigma)$. For each $i, j = 1, \ldots, n$, the $i,j$ entry of $R^{(m)}(\Sigma)$ consists of all input lists of length $m$ or less that take the machine from the state $x_i$ to the state $x_j$. Of course, if there is no sequence of stable transitions from $x_i$ to $x_j$, then entry $i,j$ of $R^{(m)}(\Sigma)$ will be the character $N$.

Finally, to characterize all possible sequences of stable transitions for the machine $\Sigma$, we define the matrix

(4.3.5)  $R^{*}(\Sigma) := \bigcup_{i = 1, \ldots, \infty} R^{i}(\Sigma).$

In view of Lemma (4.1.1), if there is a sequence of stable transitions that takes the machine $\Sigma$ from the state $x_i$ to the state $x_j$, then there is such a sequence of length not exceeding $(n-1)$. This directly implies the following fact.

(4.3.6)  PROPOSITION. Let $\Sigma$ be a sequential machine with a state set consisting of $n$ states, and let $R^{(m)}(\Sigma)$ and $R^{*}(\Sigma)$ be as defined in (4.3.4) and (4.3.5), respectively. Then, for every pair of integers $i, j \in \{1, \ldots, n\}$, the $i,j$ entry of the matrix $R^{*}(\Sigma)$ is the character $N$ if and only if the $i,j$ entry of the matrix $R^{(n-1)}(\Sigma)$ is the character $N$.

Thus, the matrix $R^{(n-1)}(\Sigma)$ completely characterizes all pairs of states of the machine $\Sigma$ among which there are sequences of stable transitions. For this reason, we shall refer to $R^{(n-1)}(\Sigma)$ as the matrix of stable transitions of the machine $\Sigma$. The matrix of stable transitions contains information that is critical for the construction of controllers that eliminate the effects of races, as we shall discuss later.

We will use the matrix of stable transitions to obtain the appropriate input lists for the construction of corrective controllers. However, for verifying the existence of such controllers, one can use the simpler matrix that we introduce next.


4.4  The  Skeleton  Matrix 

Let $\Sigma$ be a sequential machine described by (2.2.1), and let $R(\Sigma)$ be the one-step stable transitions matrix of $\Sigma$. The one-step skeleton matrix $S(\Sigma)$ of $\Sigma$ is then an $n \times n$ matrix of numbers, whose entries $S_{ij}(\Sigma)$, $i, j = 1, \ldots, n$, are all either zero or 1, according to the following rule: If the $i,j$ entry of $R(\Sigma)$ is $N$, then $S_{ij}(\Sigma) := 0$; otherwise $S_{ij}(\Sigma) := 1$. Thus, the $i,j$ entry of the one-step skeleton matrix is 1 if and only if there is a one-step stable transition that takes $\Sigma$ from the state $x_i$ to the state $x_j$. If $x_j$ cannot be reached from $x_i$ in a one-step stable transition, then $S_{ij}(\Sigma) = 0$. In simple terms, $S(\Sigma)$ can be regarded as a table that indicates all possible one-step stable transitions for the machine $\Sigma$.

We can also define powers of the one-step skeleton matrix using the following recursion. Let $m \ge 2$ be an integer, and assume that the $n \times n$ matrix $S^{m-1}(\Sigma)$ has been constructed. Then, $S^{m}(\Sigma)$ is again an $n \times n$ matrix with entries that are either zero or one, whose entries are given by

(4.4.1)  $S^{m}_{ij}(\Sigma) = \max\,\{\, S^{m-1}_{ik}(\Sigma)\,S_{kj}(\Sigma),\ k = 1, \ldots, n \,\}, \quad i, j = 1, \ldots, n.$

As we can see, the operation of (4.4.1) resembles matrix multiplication, but, instead of adding the entry products, we calculate the maximum of the entry products, so that each entry is either zero or one. The matrix $S^{m}(\Sigma)$ is called the m-step skeleton matrix of the machine $\Sigma$. The m-step skeleton matrix is related to the matrix $R^{m}(\Sigma)$ constructed in the previous subsection in the same way that $S(\Sigma)$ is related to $R(\Sigma)$; i.e., an entry $i,j$ of $S^{m}(\Sigma)$ is non zero if and only if it is possible to reach the state $x_j$ from the state $x_i$ in $m$ stable transitions. This is the subject of the next statement.

(4.4.2)  PROPOSITION. Let $\Sigma$ be a sequential machine with $n$ states, and let $m \ge 1$ be an integer. Let $R^{m}(\Sigma)$ be the matrix of m-step stable transitions of $\Sigma$, and let $S^{m}(\Sigma)$ be the m-step skeleton matrix of $\Sigma$. Then, for all $i, j \in \{1, \ldots, n\}$, the $i,j$ entry of $S^{m}(\Sigma)$ is non zero if and only if the $i,j$ entry of $R^{m}(\Sigma)$ is not $N$.

PROOF. The statement holds for $m = 1$ by the definition of the one-step skeleton matrix $S(\Sigma)$. In preparation for an induction, assume the Proposition is true for $m = r$, where $r \ge 1$ is an integer. We now show that this implies that the Proposition holds for $m = r+1$. Consider an arbitrary entry $i,j$ of the matrix $R^{m}(\Sigma)$, where $i, j \in \{1, \ldots, n\}$. In view of (4.3.2) and (4.3.1), the $i,j$ entry $R^{r+1}_{ij}(\Sigma)$ of $R^{r+1}(\Sigma)$ is $N$ if and only if the following condition holds: For each integer $k = 1, \ldots, n$, at least one of the two entries $R^{r}_{ik}(\Sigma)$ or $R_{kj}(\Sigma)$ is equal to $N$. In view of our induction assumption, this implies that the entry $R^{r+1}_{ij}(\Sigma)$ is $N$ if and only if the following condition holds: For each integer $k = 1, \ldots, n$, at least one of the two entries $S^{r}_{ik}(\Sigma)$ or $S_{kj}(\Sigma)$ is equal to zero. But by (4.4.1), this last condition is equivalent to the condition $S^{r+1}_{ij}(\Sigma) = 0$. Summarizing, we have obtained that $S^{r+1}_{ij}(\Sigma) = 0$ if and only if $R^{r+1}_{ij}(\Sigma)$ is $N$. ♦


We define now the skeleton matrix $S^{(n-1)}(\Sigma)$ of the machine $\Sigma$ as an $n \times n$ matrix of zeros and ones, whose $i,j$ entry $S^{(n-1)}_{ij}(\Sigma)$ is given by

(4.4.3)  $S^{(n-1)}_{ij}(\Sigma) := \max_{m = 1, \ldots, n-1} S^{m}_{ij}(\Sigma).$

Here, $n$ is the number of states of the machine $\Sigma$. In view of Proposition (4.4.2), the skeleton matrix $S^{(n-1)}(\Sigma)$ corresponds to the matrix $R^{(n-1)}(\Sigma)$ of stable transitions in the following way. For every pair of integers $i, j \in \{1, \ldots, n\}$, the entry $S^{(n-1)}_{ij}(\Sigma)$ is zero if and only if the corresponding entry $R^{(n-1)}_{ij}(\Sigma)$ is $N$. Recalling the significance of the matrix $R^{(n-1)}(\Sigma)$ of stable transitions, it follows that the skeleton matrix characterizes the pairs of all states of $\Sigma$ among which one can move via stable transitions, in any number of steps. Explicitly, it is possible to move from a state $x_i$ to a state $x_j$ of the machine $\Sigma$ via a sequence of stable transitions (of unspecified length) if and only if the $i,j$ entry of the skeleton matrix $S^{(n-1)}(\Sigma)$ is equal to one. This justifies the following statement.

(4.4.4)  PROPOSITION. Let $\Sigma$ be a sequential machine having the state set $X = \{x_1, \ldots, x_n\}$ and the skeleton matrix $S^{(n-1)}(\Sigma)$, and let $i, j \in \{1, \ldots, n\}$ be two integers. Then, the state $x_j$ is stably reachable from the state $x_i$ if and only if the entry $i,j$ of the skeleton matrix $S^{(n-1)}(\Sigma)$ is equal to one.


4.5  Reachability  for  Families  of  Machines 

As we have discussed previously, the main subject of the present paper revolves around families of sequential machines, rather than sequential machines as individual entities. The skeleton matrix will help us identify the set of stable transitions that are common to all members of a critical race family of sequential machines. This set is crucial for the determination of whether or not a controller can be found to eliminate the adverse effects of a critical race.

Consider a family $M = \{\Sigma_1, \ldots, \Sigma_q\}$ of sequential machines, all of which have the same state space $X = \{x_1, \ldots, x_n\}$, and let $i, j \in \{1, \ldots, n\}$ be two integers. We say that a state $x_j$ is stably reachable within the family $M$ from the state $x_i$ if the state $x_j$ is stably reachable from $x_i$ in each one of the machines $\Sigma_1, \ldots, \Sigma_q$. We comment that when $x_j$ is stably reachable from $x_i$ in the family $M$, the sequence of input characters that take a machine of the family $M$ from $x_i$ to $x_j$ may differ from one member of the family $M$ to another.

We can form the stable reachability set for the family of machines $M$ by

(4.5.1)  $r_{M|s}(x) := \bigcap_{i = 1, \ldots, q} r_{\Sigma_i|s}(x).$

The set $r_{M|s}(x)$ contains all states stably reachable from the state $x$ in the family of machines $M$.

Still referring to the family $M = \{\Sigma_1, \ldots, \Sigma_q\}$ of machines, let $S^{(n-1)}(\Sigma_k)$ be the skeleton matrix of the machine $\Sigma_k$, $k = 1, \ldots, q$. Then, the skeleton matrix $S(M)$ of the family $M$ is defined as an $n \times n$ matrix of zeros and ones, whose entries $S_{ij}(M)$ are given by

(4.5.2)  $S_{ij}(M) := \min_{k = 1, \ldots, q} S^{(n-1)}_{ij}(\Sigma_k).$

It follows then directly from Proposition (4.4.4) that the skeleton matrix of the family $M$ characterizes the set of all pairs of states that are stably reachable from each other within the family $M$, as follows.

(4.5.3)  PROPOSITION. Let $M = \{\Sigma_1, \ldots, \Sigma_q\}$ be a family of sequential machines, all of which have the state space $X = \{x_1, \ldots, x_n\}$, and let $S(M)$ be the skeleton matrix of the family $M$. Then, for any pair of integers $i, j \in \{1, \ldots, n\}$, the state $x_j$ is stably reachable from the state $x_i$ within the family $M$ if and only if the $i,j$ entry of $S(M)$ is equal to one.
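
The constructions of Sections 4.3 to 4.5 carried out in Python, as an added example that is not part of the original text: it builds R(Σ) from a stable transition function, forms the matrix of stable transitions and the skeleton matrix, and takes the entrywise minimum over a family. The dictionary encoding of s, the single-character input alphabet, the helper names and the two-member family (which differs only at the pair (x1, c)) are constructed assumptions.

```python
from itertools import product

N = None  # the extra character N of the text: no stable transition


def one_step_matrix(states, s):
    """R(Sigma): entry (i, j) is U_ij = {u : s(x_i, u) = x_j}, or N when empty."""
    idx = {x: i for i, x in enumerate(states)}
    R = [[set() for _ in states] for _ in states]
    for (x, u), nxt in s.items():
        R[idx[x]][idx[nxt]].add(u)
    return [[frozenset(e) if e else N for e in row] for row in R]


def conc(U1, U2):
    """Concatenate every word of U1 with every word of U2; N acts as zero."""
    if U1 is N or U2 is N:
        return N
    return frozenset(a + b for a, b in product(U1, U2))


def union(U1, U2):
    """Union in which N is omitted: a U N = a and N U N = N."""
    if U1 is N:
        return U2
    return U1 if U2 is N else U1 | U2


def mat_mul(V, W):
    """Product (4.3.1): Z_ij is the union over k of conc(V_ik, W_kj)."""
    n = len(V)
    Z = [[N] * n for _ in range(n)]
    for i, j, k in product(range(n), repeat=3):
        Z[i][j] = union(Z[i][j], conc(V[i][k], W[k][j]))
    return Z


def accumulate(M, mul, join):
    """Join M^1 ... M^(n-1) entrywise, the pattern of (4.3.4) and (4.4.3)."""
    n = len(M)
    power, total = M, M
    for _ in range(2, n):  # exponents 2 ... n-1
        power = mul(power, M)
        total = [[join(total[i][j], power[i][j]) for j in range(n)]
                 for i in range(n)]
    return total


def stable_transition_matrix(R):
    """R^(n-1)(Sigma): all input lists of length at most n-1 between states."""
    return accumulate(R, mat_mul, union)


def skeleton(R):
    """Replace N by 0 and every non-N entry by 1."""
    return [[0 if e is N else 1 for e in row] for row in R]


def skeleton_mul(Sa, Sb):
    """Max-product of (4.4.1); entries stay in {0, 1}."""
    n = len(Sa)
    return [[max(Sa[i][k] * Sb[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]


def skeleton_matrix(S):
    """S^(n-1)(Sigma) of (4.4.3), computed without any word sets."""
    return accumulate(S, skeleton_mul, max)


def family_skeleton(skeletons):
    """S(M) of (4.5.2): entrywise minimum over the members' skeleton matrices."""
    n = len(skeletons[0])
    return [[min(S[i][j] for S in skeletons) for j in range(n)] for i in range(n)]


# Stable transition function matching the matrix R of Example (4.3.3).
EXAMPLE_433 = {("x1", "a"): "x1", ("x1", "b"): "x1", ("x1", "c"): "x2",
               ("x2", "b"): "x2", ("x2", "c"): "x2"}

# Constructed family: the two members disagree only on the outcome of (x1, c).
STATES = ["x1", "x2", "x3"]
COMMON = {("x1", "a"): "x1", ("x2", "c"): "x2", ("x2", "b"): "x3",
          ("x3", "b"): "x3", ("x3", "c"): "x3", ("x3", "a"): "x1"}
MEMBER_1 = {**COMMON, ("x1", "c"): "x2"}
MEMBER_2 = {**COMMON, ("x1", "c"): "x3"}


def family_report():
    """Return S(M) and, per member, the input lists taking x1 to x3."""
    mats = [stable_transition_matrix(one_step_matrix(STATES, m))
            for m in (MEMBER_1, MEMBER_2)]
    return family_skeleton([skeleton(R) for R in mats]), [R[0][2] for R in mats]


if __name__ == "__main__":
    fam, words = family_report()
    print(fam)
    print([sorted(w) for w in words])
```

In the constructed family, x3 is stably reachable from x1 in both members but through different input lists, while x2 is not stably reachable from x1 within the family because one member never reaches it.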


CHAPTER  5 
EXISTENCE  OF  CORRECTIVE  CONTROLLERS 


In the present chapter we derive necessary and sufficient conditions for the existence of controllers that eliminate the effects of a critical race, and assign desirable properties to a given sequential machine $\Sigma$. Recall that the controller is a sequential machine $C$ that is connected to the machine $\Sigma$ according to the closed loop configuration (1.1).

5.1  Operation  of  Corrective  Controllers 

A controller can ensure all stable transitions of the closed loop system (1.1) are deterministic. Let $\Sigma_{|s} = (A,Y,X,s,h)$ be the stable state machine induced by a machine $\Sigma = (A,Y,X,f,h)$. There is a controller $C$ such that the closed loop system $\Sigma_c$ of (1.1) is deterministic. Let $\Sigma$ be race free; a controller $C$ which passes the reference input, unmodified, to $\Sigma$ ensures the closed loop system $\Sigma_c$ remains deterministic. Next let $\Sigma$ have a critical race which induces $k$ critical races in the stable state machine $\Sigma_{|s}$. Denote the critical race pairs in $\Sigma_{|s}$ by $(x_i,u_i)$, $i = 1, \ldots, k$. A controller $C$ can be constructed to pass any input except $u_i$ whenever $\Sigma_{|s}$ is in a stable combination of the state $x_i$, $i = 1, \ldots, k$. The controller passes the reference input, unmodified, when $\Sigma_{|s}$ is in any other state.

Consider two machines $\Sigma = (A,Y,X,f,h)$ and $\Sigma' = (A,Y,X,f',h)$ that have the same input sets, the same output sets, the same state set, and the same output function. Recall $\Sigma$ is equivalent to $\Sigma'$ whenever for all $x \in X$ and all permissible input lists $a \in A^{+}$, the same output sequence is generated by $\Sigma$ and $\Sigma'$ whenever the list $a$ is applied starting in the state $x$. Here, $\Sigma$ and $\Sigma'$ have the same input and output sets, as well as the same output function $h$, thus $\Sigma$ is equivalent to $\Sigma'$ whenever the transition functions $f$ and $f'$ are identical, i.e. the sequences of states $\Sigma$ and $\Sigma'$ pass through when driven by the input list $a$ are identical. Similarly the stable state machine $\Sigma_{|s}$ induced by $\Sigma$ is equivalent to the stable state machine $\Sigma'_{|s}$ induced by $\Sigma'$ whenever the stable transition function $s$ of $\Sigma_{|s}$ is identical to the stable transition function $s'$ of $\Sigma'_{|s}$.
Now consider the closed loop system $\Sigma_c = (A,Y,X \times \Xi,g,h)$ consisting of the machine $\Sigma = (A,Y,X,f,h)$ with a controller $C = (A \times Y,Y,\Xi,\phi,\eta)$ connected as in figure (1.1). The transition function $g$ of $\Sigma_c$ is defined by

$g((x,\alpha),v) = (f(x,\eta(\alpha,(x,v))),\ \phi(\alpha,(x,v)))$ for all valid $(x,\alpha) \in X \times \Xi$ and $v \in A$.

For the model matching problem, we must find a controller $C$ such that $\Sigma_{c|s}$ is equivalent to $\Sigma'_{|s}$. The state set of $\Sigma_c$ is not the same as the state set of $\Sigma'$; however, the output functions of $\Sigma_c$ and $\Sigma'$ are both $h$, and $h$ depends only on the states from $X$, not $X \times \Xi$. The closed loop system $\Sigma_{c|s}$ is equivalent to $\Sigma'_{|s}$ whenever the stable transition function $\gamma$ of $\Sigma_{c|s}$ satisfies $\gamma((x,\alpha),v) = (s'(x,v),\alpha')$ for all valid $(x,\alpha) \in X \times \Xi$ and $v \in A$, and some $\alpha' \in \Xi$. In other words, the next stable state of $\Sigma_{c|s}$ initially in $(x,\alpha)$ receiving the input value $v$ has its element from $X$ equal to the next stable state of $\Sigma'_{|s}$ initially in $x$ receiving the input value $v$.

Before discussing the necessary and sufficient conditions for the existence of a corrective controller, we discuss the changes a controller can make to a machine. We begin by discussing the changes that can be made to a single stable transition of a machine. This leads to the following statement.

(5.1.1)  LEMMA. Let $\Sigma_{|s} = (A,Y,X,s,h)$ be the stable state machine induced by a machine $\Sigma = (A,Y,X,f,h)$. Choose a state $x_1 \in X$ and a set of input values $A_1 \subset A$ which form valid pairs with the state $x_1$. Let $x_1' \in X$ be any state stably reachable from $x_1$. Then, there is a controller $C$ such that the stable state closed loop system $\Sigma_{c|s}$ is equivalent to a machine $\Sigma'$ that has the following properties:

(i) $\Sigma' = (A,Y,X,s',h)$ has the same input, output, and state sets, as well as the same output function, as the machine $\Sigma_{|s}$.

(ii) The transition function $s'$ of $\Sigma'$ is equal to the transition function $s$ of $\Sigma_{|s}$ at all but the pairs $(x_1,A_1)$, at which it takes the value $x_1'$, i.e. $s'(z,u) = s(z,u)$ for all $(z,u) \in X \times A \setminus (x_1,A_1)$, and $s'(x_1,A_1) = x_1'$.

PROOF. By the choice of $x_1'$ there is an input list $w_1 \in A^{+}$, $w_1 = v_0 v_1 \ldots v_{m-1}$, such that $s(x_1,w_1) = x_1'$. Denote $x_{11} := s(x_1,v_0)$, $x_{12} := s(x_{11},v_1)$, ..., $x_{1(m-1)} := s(x_{1(m-2)},v_{m-2})$, $x_1' := s(x_{1(m-1)},v_{m-1})$, $x_{1i} \in X$ for $i = 1, \ldots, m-1$.

In intuitive terms the controller we build functions as follows. The controller stays in its initial state $\alpha_0$ until a stable combination of the state $x_1$ occurs. When a stable combination of $x_1$ occurs, the controller enters the state $\alpha_1$. The controller returns to its initial state from the state $\alpha_1$ when its input is any pair except stable combinations of $x_1$ or one of the pairs $(x_1,A_1)$. The controller stays in its state $\alpha_1$ whenever the input to the controller is a stable combination of $x_1$. The controller enters its state $\alpha_2$ from the state $\alpha_1$ whenever the input to the controller is one of the pairs $(x_1,A_1)$. At the state $\alpha_2$ the controller produces the output $v_0$. It remains in that state until the machine reaches the pair $(x_{11},v_0)$; i.e. until the machine reaches its next stable combination. When $(x_{11},v_0)$ occurs, the controller goes to the state $\alpha_3$, producing the output value $v_1$. This continues for $2 \le i \le m$: at each state $\alpha_i$ the controller produces the output value $v_{i-2}$ until the state $x_{1(i-1)}$ is reached. Then the controller goes to the next state $\alpha_{i+1}$. When the state $x_{1(m-1)}$ is reached, the controller will enter the state $\alpha_{m+1}$. The controller produces the output value $v_{m-1}$ until the state $x_1'$ is reached by the machine. The controller returns to the state $\alpha_0$ once the reference input is changed.

The stable transition function $\gamma$ of the closed loop system $\Sigma_c$ satisfies $\gamma((x_1,\alpha_0),A_1) = (x_1',\alpha_{m+1})$ and $\gamma((z,\alpha_0),u) = (s(z,u),\alpha_0)$ for all $(z,u) \in X \times A \setminus (x_1,A_1)$.

We now construct a controller $C = (A \times Y,A,\Xi,\phi,\eta)$ as follows. The state set $\Xi$ of the controller consists of $m+2$ states, which we denote by the symbols $\alpha_0, \alpha_1, \ldots, \alpha_{m+1}$. We define the transition function $\phi$ from the state $\alpha_0$ by setting $\phi(\alpha_0,(z,u)) = \alpha_0$ for all $(z,u) \in X \times A \setminus (x_1,U_1)$, where $U_1 \subset A$ is the set of input characters which form stable combinations with the state $x_1$, and $\phi(\alpha_0,(x_1,U_1)) = \alpha_1$. The value of the output function $\eta$ for the same state is $\eta(\alpha_0,(z,u)) = u$ for all $(z,u) \in X \times A$.

The transition function from the state $\alpha_1$ is defined by setting $\phi(\alpha_1,(x_1,A_1)) = \alpha_2$, $\phi(\alpha_1,(x_1,U_1)) = \alpha_1$, where $U_1 \subset A$ is the set of input characters which form stable combinations with the state $x_1$, and $\phi(\alpha_1,(z,u)) = \alpha_0$ for all other $(z,u) \in X \times A$. The value of the output function at the same state is $\eta(\alpha_1,(z,u)) = u_1$ where $u_1 \in U_1$.

The rest of the transition function and output function are given by:

$\phi(\alpha_2,(z,u)) = \alpha_2$ for all $(z,u) \in X \times A \setminus (x_{11},A_1)$ and $\phi(\alpha_2,(x_{11},A_1)) = \alpha_3$
$\eta(\alpha_2,(z,u)) = v_0$ for all $(z,u) \in X \times A$

$\phi(\alpha_3,(z,u)) = \alpha_3$ for all $(z,u) \in X \times A \setminus (x_{12},A_1)$ and $\phi(\alpha_3,(x_{12},A_1)) = \alpha_4$
$\eta(\alpha_3,(z,u)) = v_1$ for all $(z,u) \in X \times A$

for $4 \le i \le m$

$\phi(\alpha_i,(z,u)) = \alpha_i$ for all $(z,u) \in X \times A \setminus (x_{1(i-1)},A_1)$ and $\phi(\alpha_i,(x_{1(i-1)},A_1)) = \alpha_{i+1}$
$\eta(\alpha_i,(z,u)) = v_{i-2}$ for all $(z,u) \in X \times A$

and for $i = m+1$

$\phi(\alpha_{m+1},(z,u)) = \alpha_{m+1}$ for all $(z,u) \in X \times A \setminus (x_1',A - A_1)$ and $\phi(\alpha_{m+1},(x_1',A - A_1)) = \alpha_0$.
$\eta(\alpha_{m+1},(z,u)) = v_{m-1}$ for all $(z,u) \in X \times A$.

We can see that the output of the controller $C$ to the machine $\Sigma$ is the input to $C$ whenever any pair except one of $(x_1,A_1)$ occurs. The controller stays in its initial state $\alpha_0$ and outputs the current input to the machine $\Sigma$ until a stable combination of the state $x_1$ occurs. On detecting a stable combination of $x_1$ the controller goes to the state $\alpha_1$. In the state $\alpha_1$ the controller looks for one of the pairs $(x_1,A_1)$. If one of the pairs $(x_1,A_1)$ is detected after a stable combination of the state $x_1$, the controller outputs the list $w_1$ to the machine $\Sigma$, which brings $\Sigma$ to the desired state $x_1'$. Once $\Sigma$ has reached the state $x_1'$ the controller waits until the reference input is changed and then reenters its initial state $\alpha_0$.

Now assume there is a controller $C$ such that the closed loop system $\Sigma_{c|s}$ is equivalent to $\Sigma'$ and that $x_1'$ is not stably reachable from $x_1$. Recall that $\Sigma_{c|s}$ is equivalent to $\Sigma'$ whenever $\gamma((x,\alpha),u) = (s'(x,u),\alpha')$ for all valid pairs $(x,u) \in X \times A$ and controller states $\alpha, \alpha' \in \Xi$, and that $s'(x,u) = s(x,u)$ for all valid pairs $(x,u) \in X \times A$ except $(x_1,A_1)$, for which $s'(x_1,A_1) = x_1'$. A controller $C$, therefore, must ensure that $\Sigma_{c|s}$ initially in the state $x_1$ receiving one of the input values $A_1$ has $x_1'$ as its next stable state. Also recall that the only access a controller $C$ has to a machine $\Sigma$ is through the input to $\Sigma$. A controller $C$ can only cause a stable transition from $x_1$ to $x_1'$ in $\Sigma$ by providing an appropriate input list $w \in A^{+}$ to $\Sigma$ which drives $\Sigma$ from $x_1$ to $x_1'$. This implies that there is a $w \in A^{+}$ such that $s(x_1,w) = x_1'$, and that $C$ provides the list $w$ to $\Sigma$ when one of the points $(x_1,A_1)$ occurs. However, the state $x_1'$ is not stably reachable from $x_1$, so there is no $w \in A^{+}$ such that $s(x_1,w) = x_1'$. In other words, a stable transition from $x_1$ to $x_1'$ does not exist in $\Sigma$. There is no possible way for the machine $\Sigma$ to enter the state $x_1'$ starting from the state $x_1$ operating in fundamental mode. This is a contradiction, and $x_1'$ must be stably reachable from $x_1$ whenever a controller $C$ exists so the closed loop system $\Sigma_{c|s}$ is equivalent to $\Sigma'$. ♦

The  controller  provides  an  input  list  which  drives  the  machine  along 
a  path  ending  at  the  desired  combination.  The  input  list  is  provided  one 
character  at  a  time,  and  each  new  character  is  given  when  the  machine 
arrives  in  its  next  stable  combination  from  the  previous  input  character. 
This  continues  until  the  entire  input  list  is  used  and  the  machine  reaches 
the  desired  stable  combination.  The  controller,  in  effect,  substitutes  a 
different  desired  stable  transition  for  the  original  stable  transition. 
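
A simulation of the controller of Lemma (5.1.1) at the level of stable transitions, as an added example that is not part of the original text: it implements the transition and output functions of the m+2 controller states and steps the closed loop while a reference input is held. The class and function names, the integer indexing of the controller states, the choice of u_1 as the smallest element of U_1, and the three-state sample machine are constructed assumptions.

```python
class CorrectiveController:
    """C((x1, A1), w1, x1'); controller state alpha_i is the integer i."""

    def __init__(self, s, x1, A1, w1):
        self.s, self.x1, self.A1, self.w1 = s, x1, frozenset(A1), w1
        self.m = len(w1)
        # U1: input characters forming stable combinations with x1.
        self.U1 = frozenset(u for (x, u), nxt in s.items()
                            if x == x1 and nxt == x1)
        if not self.U1 or self.U1 & self.A1:
            raise ValueError("x1 must be potentially stable and A1 disjoint from U1")
        self.u1 = min(self.U1)  # assumption: any fixed element of U1 will do
        # path[k] is the state after v_0 ... v_(k-1): path[0] = x1, path[m] = x1'.
        self.path = [x1]
        for v in w1:
            self.path.append(s[(self.path[-1], v)])
        self.target = self.path[-1]

    def phi(self, alpha, x, u):
        """Controller transition function on the pair (machine state, reference)."""
        if alpha == 0:
            return 1 if (x == self.x1 and u in self.U1) else 0
        if alpha == 1:
            if x == self.x1 and u in self.A1:
                return 2
            return 1 if (x == self.x1 and u in self.U1) else 0
        if alpha <= self.m:  # alpha_i, 2 <= i <= m, waits for x_1(i-1)
            reached = x == self.path[alpha - 1] and u in self.A1
            return alpha + 1 if reached else alpha
        # alpha_(m+1): hold until the reference leaves A1 with the machine at x1'.
        return 0 if (x == self.target and u not in self.A1) else alpha

    def eta(self, alpha, x, u):
        """Controller output: pass-through, hold u1, or the next character of w1."""
        if alpha == 0:
            return u
        if alpha == 1:
            return self.u1
        return self.w1[alpha - 2]  # alpha_i outputs v_(i-2)


def closed_loop_step(ctrl, x, alpha, v, max_iter=100):
    """Hold reference input v until the pair (x, alpha) is stable."""
    for _ in range(max_iter):
        nxt_alpha = ctrl.phi(alpha, x, v)
        if nxt_alpha != alpha:
            alpha = nxt_alpha  # controller moves while the machine rests
            continue
        nxt_x = ctrl.s[(x, ctrl.eta(alpha, x, v))]
        if nxt_x == x:
            return x, alpha    # stable combination of the closed loop
        x = nxt_x              # machine moves while the controller state is held
    raise RuntimeError("no stable combination reached")


# Constructed machine: in open loop, input c takes x1 to x2.
S_FUNC = {("x1", "a"): "x1", ("x1", "c"): "x2", ("x2", "c"): "x2",
          ("x2", "b"): "x3", ("x3", "b"): "x3", ("x3", "c"): "x3",
          ("x3", "a"): "x1"}


def demo():
    """Redirect s(x1, c) to x3 with w1 = 'cb' and trace the closed loop."""
    ctrl = CorrectiveController(S_FUNC, "x1", {"c"}, "cb")
    x, alpha = closed_loop_step(ctrl, "x1", 0, "a")  # settle at x1
    trace = [(x, alpha)]
    for v in "ca":  # reference inputs, each held until stability
        x, alpha = closed_loop_step(ctrl, x, alpha, v)
        trace.append((x, alpha))
    return trace


if __name__ == "__main__":
    print(demo())
```

With reference input c applied at x1, the closed loop settles at x3 in controller state 3 (that is, α_{m+1} with m = 2), whereas the machine alone would settle at x2.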

The controller $C$ from Lemma (5.1.1) has $m+2$ states, where $m$ is the length of the path from the initial pair to the desired end pair. There are an infinite number of controllers $C'$ with more states than $C$ that effect the same changes on $\Sigma$ as the controller $C$. There may also be controllers $C''$ with fewer states than $C$ that effect the same changes in $\Sigma$ as the controller $C$. Minimization procedures exist which can provide a corrective controller $C$ with the smallest number of states (see Kohavi [24] for details).

We denote the controller of Lemma (5.1.1) by $C((x_1,A_1),w_1,x_1')$. The controller $C((x_1,A_1),w_1,x_1')$ provides the input list $w_1$ to the machine it is controlling whenever the controller recognizes one of the pairs $(x_1,A_1)$ after a stable combination of the state $x_1$. This will take the machine being controlled to the state $x_1'$.

Recall that $\Sigma$ is an input/state machine: the output of $\Sigma$ is isomorphic to the current state of $\Sigma$, h(x,u) = ^(x) for all valid $(x,u) \in X \times A$. If the output isomorphism ^ is not the identity map, the input to the

controller  needs  to  be  precompensated.  The  controller  will  need  to  receive 
^h'Hh^u))  =  x.  Including  the  precompensator,  we  can  write  the  controller 
in  the  form   C  =  (Ax^-l-Y^Z^ri).  In  the  present  work,  we  will  consider 
machines  whose  output  is  the  current  state,  i.e.   ^^   is  the  identity  map. 

We stated earlier that a corrective controller $C$ connected as in figure (1.1) with a machine $\Sigma$ ensures that the stable state closed loop system $\Sigma_{c|s}$ operates in fundamental mode, i.e. the addition of a controller $C$ to a machine $\Sigma$ does not create any additional critical races. Referring to the controller of Lemma (5.1.1), we show this result now.

(5.1.2)  PROPOSITION. The closed loop system $\Sigma_c$ of Lemma (5.1.1) operates in fundamental mode.

PROOF. Let $\Sigma_c$ start in one of its stable combinations, $((x,\alpha_0),v)$. Responding to a change in the reference signal, the controller receives a pair, say $(x,u)$. From its state $\alpha_0$, the controller remains in $\alpha_0$ whenever the input pair $(x,u)$ is not one of the stable combinations of the state $x_1$. There is no state change in $C$, so the output of $C$ may be changed in $\alpha_0$. In $\alpha_0$, the reference input value is the output to the machine $\Sigma$, and $\Sigma_c$ operates in fundamental mode ($C$ makes no changes in state, so $\Sigma$ is allowed to be changing).

Also from its state $\alpha_0$, whenever the input pair is a stable combination of the state $x_1$, the controller $C$ enters its next stable state $\alpha_1$. The output of $C$ remains constant (at the previous reference input value) until the state $\alpha_1$ is reached. Once $\alpha_1$ is reached, the controller may change its output value to one of the values that form a stable combination with the state $x_1$. We can see that while $C$ changes state, the output value of $C$ remains constant. Thus $\Sigma$ will not start any changes until $C$ has reached its next stable state $\alpha_1$ and changes its output value. Thus $\Sigma_c$ operates in fundamental mode whenever $C$ is in its state $\alpha_0$.

Now suppose the controller $C$ is in its state $\alpha_1$. For this to occur, $\Sigma$ must be in a stable combination of the state $x_1$. When in the state $\alpha_1$, the controller outputs a value which forms a stable combination with $x_1$. The controller remains in the state $\alpha_1$ and its output value remains the same unless one of the pairs $(x_1,A_1)$ occurs or the reference input is changed to a value in $A - (A_1 \cup U_1)$. When one of the pairs $(x_1,A_1)$ occurs, the controller enters its next stable state $\alpha_2$. The output remains fixed at the previous value until $\alpha_2$ is reached by $C$. When a reference input in $A - (A_1 \cup U_1)$ occurs the controller enters its initial state $\alpha_0$. Again the controller output remains fixed at the previous value until $\alpha_0$ is reached. Thus the controller output does not change until any state transitions of the controller $C$ are finished, and $\Sigma_c$ operates in fundamental mode whenever $C$ is in its state $\alpha_1$.

Now for the rest of the states of the controller $\alpha_i$, $i = 2, \ldots, m$, the
closed loop system operates as follows. In the state $\alpha_i$, the controller $C$
outputs the value $v_{i-2}$. The controller remains in the state $\alpha_i$ until the
machine $\Sigma$ reaches its next stable state $x_{1(i-1)}$. When $\Sigma$ reaches $x_{1(i-1)}$
the controller enters the state $\alpha_{i+1}$. The output of the controller remains
$v_{i-2}$ until $C$ has reached $\alpha_{i+1}$. Thus at each state $\alpha_i$, the controller output
remains constant while $\Sigma$ is changing states, and $\Sigma$ is in a stable
combination whenever $C$ is changing states. Thus $\Sigma_c$ operates in
fundamental mode when the controller is in the states $\alpha_i$, $i = 2, \ldots, m$.

Finally, for the controller state $\alpha_{m+1}$, the controller output remains
constant, $v_{m-1}$, until $\Sigma$ reaches $x_1'$. Once $\Sigma$ has reached $x_1'$, the reference
input is allowed to change, and the controller reenters its initial state $\alpha_0$.
The controller output remains $v_{m-1}$ until $\alpha_0$ is reached. Thus the closed
loop system $\Sigma_c$ operates in fundamental mode for all states of the
controller, and as long as the reference inputs do not violate fundamental
mode, neither will the system $\Sigma_c$.

In more intuitive terms, in response to a change in the output of $C$,
the machine $\Sigma$ may commence a series of transitions. We can see from the
controller of Lemma (5.1.1) that the controller $C$ does not commence any
state transitions until it identifies that $\Sigma$ has reached its next stable state
in response to the change in input. Thus the output and state of $C$ are kept
constant while $\Sigma$ is changing states. The output of $C$ is also kept constant
while $C$ is changing states, ensuring that $\Sigma$ remains constant during any
controller state transitions. In this way $\Sigma$ and $C$ will not simultaneously
engage in state transitions; furthermore, while one of the systems $\Sigma$ or $C$
is engaged in state transitions, its input values will remain fixed. Of
course, the system must be operated so that the rate of changes of the
external reference variable $v$ is slow enough to allow the closed loop
system to reach its next stable state before a new input change occurs. This
is a standard requirement in the operation of asynchronous sequential
machines. ♦

Next  we  extend  the  result  of  Lemma  (5.1.1)  to  any  number  of  stable 
transitions  of  a  machine. 
(5.1.3) THEOREM. Let $\Sigma_{|s} = (A,Y,X,s,h)$ be the stable state machine
induced by a machine $\Sigma = (A,Y,X,f,h)$. Choose $k$ states $x_i \in X$, $i = 1, \ldots, k$,
and $k$ sets of input values $A_i \subset A$, where $A_i$ is a set of inputs which form
valid pairs with the state $x_i$, $i = 1, \ldots, k$. Let $x_i' \in X$ be any state stably
reachable from $x_i$, $i = 1, \ldots, k$. Then, there is a controller $C$ such that the
stable state closed loop system $\Sigma_{c|s}$ is equivalent to a machine $\Sigma'$ that has
the following properties:

(i) $\Sigma' = (A,Y,X,s',h)$ has the same input, output, and state sets, as well as
the same output function, as the machine $\Sigma_{|s}$.

(ii) The transition function $s'$ of $\Sigma'$ is equal to the transition function $s$ of
$\Sigma_{|s}$ at all but the pairs $(x_i, A_i)$ at which it takes the value $x_i'$, $i = 1, \ldots, k$, i.e.
$s'(z,u) = s(z,u)$ for all $(z,u) \in X \times A \setminus (x_i, A_i)$ and $s'(x_i, A_i) = x_i'$, $i = 1, \ldots, k$.

PROOF. First all items indexed the same correspond to each other, i.e.
$(x_i, A_i)$, $w_i$, $x_i'$ all correspond to each other.

By the choice of $x_i'$ there is a $w_i \in A^+$, $w_i = v_{i0} v_{i1} \cdots v_{i(m(i)-1)}$, such
that $s(x_i, w_i) = x_i'$. Denote $x_{i1} := s(x_i, v_{i0})$, $x_{i2} := s(x_{i1}, v_{i1})$, $x_{i3} := s(x_{i2}, v_{i2})$, ...,
$x_{i(m(i)-1)} := s(x_{i(m(i)-2)}, v_{i(m(i)-2)})$, $x_i' := s(x_{i(m(i)-1)}, v_{i(m(i)-1)})$, $i = 1, \ldots, k$.

We construct a controller $C = (A \times Y, A, \Xi, \phi, \eta)$ as follows. The state set
$\Xi$ of the controller consists of $2 + \sum_{i=1}^{k} |w_i| = 2 + \sum_{i=1}^{k} m(i)$ states denoted by
$\Xi = \{\alpha_0, \alpha_1, \alpha_{11}, \alpha_{12}, \ldots, \alpha_{1m(1)}, \alpha_{21}, \ldots, \alpha_{2m(2)}, \ldots, \alpha_{i1}, \ldots, \alpha_{im(i)}, \ldots, \alpha_{k1}, \ldots, \alpha_{km(k)}\}$. We
define the transition function $\phi$ from the state $\alpha_0$ by setting $\phi(\alpha_0,(z,u)) = \alpha_0$
for all $(z,u) \in X \times A \setminus (x_i, U_i)$, where $U_i \subset A$ is the set of input values which
form stable combinations with the state $x_i$, and $\phi(\alpha_0,(x_i, U_i)) = \alpha_1$, $i = 1, \ldots, k$.
The value of the output function $\eta$ for the same state is $\eta(\alpha_0,(z,u)) = u$ for
all $(z,u) \in X \times A$.

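The transition function from the state $\alpha_1$ is defined by setting
$\phi(\alpha_1,(x_i, A_i)) = \alpha_{i1}$, $\phi(\alpha_1,(x_i, U_i)) = \alpha_1$, $i = 1, \ldots, k$, and $\phi(\alpha_1,(z,u)) = \alpha_0$ for all
other $(z,u) \in X \times A$. The value of the output function at the same state is
$\eta(\alpha_1,(z,u)) = u_i$ where $u_i \in U_i$. The rest of the transition function $\phi$ and
output function $\eta$ are given by:

for $i = 1, \ldots, k$

$\phi(\alpha_{i1},(z,u)) = \alpha_{i1}$ for all $(z,u) \in X \times A \setminus (x_{i1}, A_i)$ and $\phi(\alpha_{i1},(x_{i1}, A_i)) = \alpha_{i2}$
$\eta(\alpha_{i1},(z,u)) = v_{i0}$ for all $(z,u) \in X \times A$

$\phi(\alpha_{i2},(z,u)) = \alpha_{i2}$ for all $(z,u) \in X \times A \setminus (x_{i2}, A_i)$ and $\phi(\alpha_{i2},(x_{i2}, A_i)) = \alpha_{i3}$
$\eta(\alpha_{i2},(z,u)) = v_{i1}$ for all $(z,u) \in X \times A$

for $3 \le j \le m(i)-1$

$\phi(\alpha_{ij},(z,u)) = \alpha_{ij}$ for all $(z,u) \in X \times A \setminus (x_{ij}, A_i)$ and $\phi(\alpha_{ij},(x_{ij}, A_i)) = \alpha_{i(j+1)}$
$\eta(\alpha_{ij},(z,u)) = v_{i(j-1)}$ for all $(z,u) \in X \times A$

and for $j = m(i)$

$\phi(\alpha_{im(i)},(z,u)) = \alpha_{im(i)}$ for all $(z,u) \in X \times A \setminus (x_i', A - A_i)$ and $\phi(\alpha_{im(i)},(x_i', A - A_i)) = \alpha_0$
$\eta(\alpha_{im(i)},(z,u)) = v_{i(m(i)-1)}$ for all $(z,u) \in X \times A$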

The output of the controller $C$ to the machine $\Sigma$ is the reference
input to $C$ whenever any combination except one of the pairs $(x_i, A_i)$, $i =
1, \ldots, k$, occurs. The controller stays in its initial state $\alpha_0$ and outputs the
current input to the machine $\Sigma$ until one of the stable combinations of the
states $x_i$, $i = 1, \ldots, k$, occurs. On detecting one of the stable combinations of
one of the states $x_i$, $i = 1, \ldots, k$, the controller goes to the state $\alpha_1$. In the state
$\alpha_1$ the controller looks for one of the pairs $(x_i, A_i)$, $i = 1, \ldots, k$. If one of the
pairs $(x_i, A_i)$ is detected after a stable combination of $x_i$, the controller
outputs the appropriate list $w_i$ to the machine $\Sigma$, which brings $\Sigma$ to the
desired state $x_i'$. Once $\Sigma$ has reached the state $x_i'$, the controller waits
until the reference input is changed and then reenters its initial state $\alpha_0$.

Now assume there is a controller $C$ such that the closed loop system
$\Sigma_{c|s}$ is equivalent to $\Sigma'$ and that $x_i'$ is not stably reachable from $x_i$ for
some $i$, $i = 1, \ldots, k$. Recall that $\Sigma_{c|s}$ is equivalent to $\Sigma'$ whenever $\gamma((x,\alpha),u)
= (s'(x,u),\alpha')$ for all valid pairs $(x,u) \in X \times A$ and controller states $\alpha, \alpha' \in \Xi$,
and that $s'(x,u) = s(x,u)$ for all valid pairs $(x,u) \in X \times A$ except $(x_i, A_i)$, for
which $s'(x_i, A_i) = x_i'$, $i = 1, \ldots, k$. A controller $C$ must ensure that $\Sigma_{c|s}$,
initially in one of the states $x_i$ receiving one of the input values $A_i$, has $x_i'$
as its next stable state, $i = 1, \ldots, k$. Also recall that the only access a
controller $C$ has to a machine $\Sigma$ is through the input to $\Sigma$. The corrective
controller $C$ can cause a transition from $x_i$ to $x_i'$ in $\Sigma$ by providing an
appropriate input list $w_i \in A^+$ to $\Sigma$ which drives $\Sigma$ from $x_i$ to $x_i'$, $i =
1, \ldots, k$. This implies that for every $i$, $i = 1, \ldots, k$, there is a $w_i \in A^+$ such that
$s(x_i, w_i) = x_i'$, and that $C$ provides the list $w_i$ to $\Sigma$ when one of the points
$(x_i, A_i)$ occurs.

However, if any $x_i'$ is not stably reachable from $x_i$, $i = 1, \ldots, k$, then
there is no $w_i \in A^+$ such that $s(x_i, w_i) = x_i'$. So there is at least one set of
pairs $(x_i, A_i)$ for which a controller cannot provide an appropriate input
list for $\gamma((x_i,\alpha), A_i) = (x_i',\alpha')$. This is a contradiction, and $x_i'$ must be stably
reachable from $x_i$ for all $i = 1, \ldots, k$ whenever a controller $C$ exists such
that $\Sigma_{c|s}$ is equivalent to $\Sigma'$. ♦


The controller $C$ from Theorem (5.1.3) has $2 + \sum_{i=1}^{k} |m(i)|$ states,
where $m(i)$ is the length of the path from the $i$th starting pair to the
desired end pair. There are an infinite number of controllers $C'$ with more
states than $C$ that effect the same changes in $\Sigma$ as the controller $C$. There
may also be controllers $C''$ with less states than $C$ that effect the same
changes in $\Sigma$ as the controller $C$.

The controller designed in Theorem (5.1.3) is similar to combining $k$
parallel controllers like the controller of Lemma (5.1.1). Only one of the
parallel components is ever active at any one time, and each component is
independent of all the other components. We denote the controller of
Theorem (5.1.3) by $C(\{(x_1,A_1),(x_2,A_2),\ldots,(x_k,A_k)\},\{w_1,\ldots,w_k\},\{x_1',\ldots,x_k'\})$,
which we can shorten to $C((x_i,A_i),w_i,x_i')$, $i = 1, \ldots, k$. The controller
$C((x_i,A_i),w_i,x_i')$, $i = 1, \ldots, k$, provides the input list $w_i$ to the machine it is
controlling whenever the controller recognizes one of the pairs $(x_i, A_i)$, $i =
1, \ldots, k$, after a stable combination of one of the states $x_i$, $i = 1, \ldots, k$. This will
take the machine being controlled to the state $x_i'$.

We can see that the controller constructed in Theorem (5.1.3)
connected with a machine $\Sigma$ as in (1.1) operates in fundamental mode. The
argument follows that of Proposition (5.1.2).

Let $\Sigma = (A,Y,X,f,h)$ be a machine, and denote the states of $\Sigma$ by $X =
\{x_1, \ldots, x_n\}$. Now recall from the definition of the skeleton matrix that
whenever the $i,j$ entry of the skeleton matrix $S^{(n-1)}(\Sigma)$ of the machine $\Sigma$
is a one then the state $x_j$ of $\Sigma$ is stably reachable from the state $x_i$ of $\Sigma$.

Using this result we can restate Lemma (5.1.1) and Theorem (5.1.3).

(5.1.4) PROPOSITION. Let $\Sigma_{|s} = (A,Y,X,s,h)$ be the stable state machine
induced by a machine $\Sigma = (A,Y,X,f,h)$ and let $\#X = n$. Choose a state $x_1 \in
X$ and a set of input values $A_1 \subset A$ which form valid pairs with the state
$x_1$. Let $x_1' \in X$ be any state such that the entry of the skeleton matrix
$S^{(n-1)}(\Sigma)$ indexed by the states $x_1$ and $x_1'$ is a one. Then, there is a controller
$C$ such that the stable state closed loop system $\Sigma_{c|s}$ is equivalent to a
machine $\Sigma'$ that has the following properties:

(i) $\Sigma' = (A,Y,X,s',h)$ has the same input, output, and state sets, as well as
the same output function, as the machine $\Sigma_{|s}$.

(ii) The transition function $s'$ of $\Sigma'$ is equal to the transition function $s$ of
$\Sigma_{|s}$ at all but the points $(x_1, A_1)$, at which it takes the value $x_1'$, i.e. $s'(z,u)
= s(z,u)$ for all $(z,u) \in X \times A \setminus (x_1, A_1)$, and $s'(x_1, A_1) = x_1'$.

(5.1.5) PROPOSITION. Let $\Sigma_{|s} = (A,Y,X,s,h)$ be the stable state machine
induced by a machine $\Sigma = (A,Y,X,f,h)$ and let $\#X = n$. Choose $k$ states $x_i
\in X$, $i = 1, \ldots, k$, and $k$ sets of input values $A_i \subset A$, where $A_i$ is a set of
inputs which form valid pairs with the state $x_i$. Let $x_i' \in X$ be any state
such that the entry of the skeleton matrix $S^{(n-1)}(\Sigma)$ indexed by the states $x_i$
and $x_i'$ is a one, $i = 1, \ldots, k$. Then, there is a controller $C$ such that the
stable state closed loop system $\Sigma_{c|s}$ is equivalent to a machine $\Sigma'$ that has
the following properties:

(i) $\Sigma' = (A,Y,X,s',h)$ has the same input, output, and state sets, as well as
the same output function, as the machine $\Sigma_{|s}$.

(ii) The transition function $s'$ of $\Sigma'$ is equal to the transition function $s$ of
$\Sigma_{|s}$ at all but the points $(x_i, A_i)$, at which it takes the value $x_i'$, $i = 1, \ldots, k$,
i.e. $s'(z,u) = s(z,u)$ for all $(z,u) \in X \times A \setminus (x_i, A_i)$ and $s'(x_i, A_i) = x_i'$, $i = 1, \ldots, k$.

Whenever a stable state machine $\Sigma_{|s}$ is strongly connected, the
desired end state $x_i'$ can be any potentially stable state of $\Sigma_{|s}$.

The necessary input lists for the controller design are found in the
appropriate entries of the matrix of stable transitions $R^{(n-1)}(\Sigma)$. The input
lists, however, are not always minimal. There may be stable cycles, which
can be removed, and the resulting minimal input list is used to build the
corrective controller.

The results of Theorem (5.1.3) and Proposition (5.1.5) explain the
changes a controller can effect on a machine. We proceed now to finding
when a corrective controller $C$ exists for a machine $\Sigma$, such that the stable
state closed loop system $\Sigma_{c|s}$ is equivalent to a machine $\Sigma'$.


5.2  Corrective  Controller  Existence  for  a  Machine 

(5.2.1) LEMMA. Let $\Sigma_{|s} = (A,Y,X,s,h)$ be the stable state machine induced
by a machine $\Sigma = (A,Y,X,f,h)$, and let $\Sigma' = (A,Y,X,s',h)$ be a stable state
machine. Let $\#X = n$. If the skeleton matrix $S^{(n-1)}(\Sigma)$ of the machine $\Sigma$ is
identical to the skeleton matrix $S^{(n-1)}(\Sigma')$ of the machine $\Sigma'$, i.e. $S^{(n-1)}(\Sigma) =
S^{(n-1)}(\Sigma')$, then there is a controller $C$ such that the stable state closed loop
system $\Sigma_{c|s}$ is equivalent to the machine $\Sigma'$.

PROOF. Denote the states of $\Sigma$ and $\Sigma'$ as $X = \{x_1, x_2, \ldots, x_n\}$. Recall that
$\Sigma_{c|s}$ is equivalent to $\Sigma'$ whenever $\gamma((x,\alpha),u) = (s'(x,u),\alpha')$ for all valid pairs
$(x,u) \in X \times A$, $\gamma$ is the stable transition function of $\Sigma_{c|s}$, and $\alpha$ and $\alpha'$ are
states of the controller $C$. The controller $C$ must ensure that for all valid
pairs $(x_i,u) \in X \times A$ that whenever $s'(x_i,u) = x_k$ that $\gamma((x_i,\alpha),u) = (x_k,\alpha')$.
Also recall that whenever $s'(x_i,u) = x_k$ the entry $S^{(n-1)}_{ik}(\Sigma')$ is a one and
thus the entry $S^{(n-1)}_{ik}(\Sigma)$ is also a one, i.e. whenever $s'(x_i,u) = x_k$ the state
$x_k$ is stably reachable from the state $x_i$ in $\Sigma$ since $S^{(n-1)}(\Sigma) = S^{(n-1)}(\Sigma')$.
Now for all stable transitions $s'(x_i,u) = x_k$, either $s(x_i,u) = x_k$ or by
Theorem (5.1.3) a controller $C$ can be constructed so that $\gamma((x_i,\alpha),u) =
(x_k,\alpha')$, since $x_k$ is stably reachable from $x_i$ in $\Sigma$. Thus $\gamma((x,\alpha),u) =
(s'(x,u),\alpha')$ for all valid pairs $(x,u) \in X \times A$, and the stable state closed loop
system $\Sigma_{c|s}$ is equivalent to $\Sigma'$. ♦

Consider two $n \times n$ skeleton matrices $S$ and $S'$. Let $i$ and $j$ be two
integers. Define the relation $\ge$ for two skeleton matrices by $S \ge S'$
whenever $S_{ij} \ge S_{ij}'$ for all $i = 1, \ldots, n$ and $j = 1, \ldots, n$. Remember that all of
the elements of $S$ and $S'$ are ones and zeros, so this relation will only fail
when for some $i$ and $j$, $S_{ij} = 0$ and $S_{ij}' = 1$.

(5.2.2) LEMMA. Let $\Sigma_{|s} = (A,Y,X,s,h)$ be the stable state machine induced
by a machine $\Sigma = (A,Y,X,f,h)$, and let $\Sigma' = (A,Y,X,s',h)$ be a stable state
machine. Let $\#X = n$. The following two statements are equivalent.

(i) There is a controller $C$ such that the stable state closed loop system $\Sigma_{c|s}$
is equivalent to the machine $\Sigma'$.

(ii) The skeleton matrix $S^{(n-1)}(\Sigma)$ of the machine $\Sigma$ satisfies $S^{(n-1)}(\Sigma) \ge
S^{(n-1)}(\Sigma')$.

PROOF. Denote the states of $\Sigma$ and $\Sigma'$ as $X = \{x_1, \ldots, x_n\}$. Recall that
$\Sigma_{c|s}$ is equivalent to $\Sigma'$ whenever $\gamma((x,\alpha),u) = (s'(x,u),\alpha')$ for all valid pairs
$(x,u) \in X \times A$, where $\gamma$ is the stable transition function of $\Sigma_{c|s}$, and $\alpha$, $\alpha'$
are states of the controller $C$. The controller $C$ must ensure that for all
valid pairs $(x_i,u) \in X \times A$ that whenever $s'(x_i,u) = x_k$ that $\gamma((x_i,\alpha),u) =
(x_k,\alpha')$. Also recall that whenever $s'(x_i,u) = x_k$ the entry $S^{(n-1)}_{ik}(\Sigma')$ is a one
and thus the entry $S^{(n-1)}_{ik}(\Sigma)$ is also a one, i.e. whenever $s'(x_i,u) = x_k$ the
state $x_k$ is stably reachable from the state $x_i$ in $\Sigma$ since $S^{(n-1)}(\Sigma) \ge
S^{(n-1)}(\Sigma')$. Now for all stable transitions $s'(x_i,u) = x_k$, either $s(x_i,u) = x_k$ or by
Theorem (5.1.3) a controller $C$ can be constructed so that $\gamma((x_i,\alpha),u) =
(x_k,\alpha')$ since $x_k$ is stably reachable from $x_i$ in $\Sigma$. Thus $\gamma((x,\alpha),u) =
(s'(x,u),\alpha')$ for all valid pairs $(x,u) \in X \times A$, and the system $\Sigma_{c|s}$ is
equivalent to $\Sigma'$.

Now assume there is a controller $C$ such that the closed loop system
$\Sigma_{c|s}$ is equivalent to $\Sigma'$ and that $S^{(n-1)}(\Sigma) \ngeq S^{(n-1)}(\Sigma')$. There is then at
least one entry of $S^{(n-1)}(\Sigma')$ which is a one and the same entry of $S^{(n-1)}(\Sigma)$
is a zero. Suppose that the $i,j$ entry is of this type. There is then a path from
$x_i$ to $x_j$ in $\Sigma'$ but not in $\Sigma$. This implies that for some point along this path
that there is a stable transition $s'(x,u)$ which takes on a different state
value than $s(x,u)$ and that this state is not stably reachable from $x$ in $\Sigma$.
Otherwise, $x_j$ is stably reachable from $x_i$ in $\Sigma$ and the $i,j$ entry of
$S^{(n-1)}(\Sigma)$ is a one. Recall that $\Sigma_{c|s}$ is equivalent to $\Sigma'$ whenever $\gamma((x',\alpha),u') =
(s'(x',u'),\alpha')$ for all valid pairs $(x',u') \in X \times A$. However, there is at least one
pair, $(x,u)$, for which $s'(x,u)$ takes on a value that $\gamma((x,\alpha),u)$ cannot take
on. Thus $\Sigma_{c|s}$ is not equivalent to $\Sigma'$, contradicting our assumption. Thus
whenever a controller $C$ exists such that $\Sigma_{c|s}$ is equivalent to $\Sigma'$ then the
relation $S^{(n-1)}(\Sigma) \ge S^{(n-1)}(\Sigma')$ must hold. ♦

Whenever a stable state machine $\Sigma_{|s} = (A,Y,X,s,h)$ is strongly
connected, the relation $S^{(n-1)}(\Sigma) \ge S^{(n-1)}(\Sigma')$ will hold for any $\Sigma' =
(A,Y,X,s',h)$.
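The following is an added sketch (not code from the thesis) of the controller construction in Theorem (5.1.3) and the existence test of Lemma (5.2.2), run on the stable transition table $s_1$ of Example 1 in Chapter 6. The target model, the function names and the step-level simulation of the closed loop are assumptions made for illustration; the skeleton matrix is computed directly as stable reachability in one or more stable transitions.

```python
from collections import deque

# Stable transition function s_1 of Example 1 (Chapter 6): states x0..x2, inputs a, b, c.
S1 = {("x0", "a"): "x0", ("x1", "a"): "x2", ("x2", "a"): "x2",
      ("x0", "b"): "x1", ("x1", "b"): "x1", ("x2", "b"): "x1",
      ("x0", "c"): "x1", ("x1", "c"): "x1", ("x2", "c"): "x2"}
# Assumed target model: same machine, except that the pair (x0, c) must lead to x2.
MODEL = dict(S1)
MODEL[("x0", "c")] = "x2"

def input_list(s, src, dst):
    """Shortest non-empty input list w with s(src, w) = dst, or None (BFS)."""
    inputs = sorted({u for _, u in s})
    queue, seen = deque([(src, [])]), set()
    while queue:
        x, w = queue.popleft()
        for u in inputs:
            nxt = s[(x, u)]
            if nxt == dst:
                return w + [u]
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, w + [u]))
    return None

def skeleton(s):
    """0/1 matrix whose [i][j] entry is 1 when x_j is stably reachable from x_i."""
    xs = sorted({x for x, _ in s})
    return [[int(input_list(s, xi, xj) is not None) for xj in xs] for xi in xs]

def controller_exists(s, model):
    """Lemma (5.2.2): a controller exists iff S(machine) >= S(model) entry by entry."""
    return all(a >= b for row, row_m in zip(skeleton(s), skeleton(model))
               for a, b in zip(row, row_m))

def design(s, model):
    """One correction (x_i, A_i, w_i, path) per group of pairs where s and s' differ."""
    groups = {}
    for (x, u), target in model.items():
        if s[(x, u)] != target:
            groups.setdefault((x, target), set()).add(u)
    corrections = []
    for (x, target), A in sorted(groups.items()):
        w = input_list(s, x, target)
        if w is None:
            raise ValueError(f"{target} is not stably reachable from {x}")
        path = [x]                       # x_i, x_i1, ..., x_i'
        for v in w:
            path.append(s[(path[-1], v)])
        corrections.append((x, A, w, path))
    return corrections

def closed_loop(s, corrections, x, ref_inputs):
    """Stable machine state after each reference input; controller starts in alpha_0.
    Controller states: "a0", "a1", and (i, j) standing for alpha_ij."""
    alpha, trace = "a0", []
    for v in ref_inputs:                 # fundamental mode: v is fixed until all is stable
        while True:
            watched = any(c[0] == x for c in corrections) and s[(x, v)] == x
            hit = [i for i, c in enumerate(corrections) if c[0] == x and v in c[1]]
            if alpha == "a0":
                new = "a1" if watched else "a0"
            elif alpha == "a1":
                new = (hit[0], 1) if hit else ("a1" if watched else "a0")
            else:
                i, j = alpha
                _, A, w, path = corrections[i]
                if j < len(w):           # wait for the machine to reach x_ij
                    new = (i, j + 1) if x == path[j] else alpha
                else:                    # at x_i': wait for the reference to leave A_i
                    new = "a0" if x == path[-1] and v not in A else alpha
            if new != alpha:             # controller moves while the machine is stable
                alpha = new
                continue
            out = v if alpha in ("a0", "a1") else corrections[alpha[0]][2][alpha[1] - 1]
            if s[(x, out)] != x:         # machine moves while the controller holds its state
                x = s[(x, out)]
                continue
            break
        trace.append(x)
    return trace

def run(s, x, ref_inputs):
    """Stable states visited by an uncontrolled stable state machine."""
    trace = []
    for v in ref_inputs:
        x = s[(x, v)]
        trace.append(x)
    return trace

if __name__ == "__main__":
    seq = ["a", "c", "b", "c", "a"]
    print("skeleton:", skeleton(S1), "controller exists:", controller_exists(S1, MODEL))
    print("uncontrolled:", run(S1, "x0", seq))
    print("closed loop: ", closed_loop(S1, design(S1, MODEL), "x0", seq))
    print("model:       ", run(MODEL, "x0", seq))
```

The controller never passes the reference input c to the machine at x0; it substitutes the list b, a found by the search, which is why the closed loop reaches x2 where the uncontrolled machine reaches x1.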

5.3  Corrective  Controller  Existence  for  a  Family  of  Machines 

(5.3.1) PROPOSITION. Let $M = \{\Sigma_1, \Sigma_2, \ldots, \Sigma_q\}$ be a critical race family of $q$
machines induced by a machine $\Sigma = (A,Y,X,f,h)$. Let $\Sigma' = (A,Y,X,s',h)$ be a
stable state machine and let $\#X = n$. Pick any machine $\Sigma_i$ from $M$, $i =
1, \ldots, q$. The following two statements are equivalent.

(i) There exists a controller $C_i$ such that the stable system $\Sigma_{ic|s}$ is
equivalent to the machine $\Sigma'$.

(ii) The skeleton matrix $S^{(n-1)}(\Sigma_i)$ satisfies $S^{(n-1)}(\Sigma_i) \ge S^{(n-1)}(\Sigma')$.

The previously given methods of controller design can be used to design
a corrective controller for any one member of a critical race family of
machines. The controller design to achieve this result is identical to the
controller designed in the proof of Theorem (5.1.3). We now extend this
result to designing a single controller $C$ which acts as a corrective
controller for all the members of the critical race family of machines.

Denote the connection of a corrective controller $C$ with a member $\Sigma_i$
of a race family of machines $M = \{\Sigma_1, \Sigma_2, \ldots, \Sigma_q\}$ by $\Sigma_{ic}$. Also denote the
family of such systems as $M_c = \{\Sigma_{1c}, \Sigma_{2c}, \ldots, \Sigma_{qc}\}$, and the stable state family
of systems as $M_{c|s} = \{\Sigma_{1c|s}, \Sigma_{2c|s}, \ldots, \Sigma_{qc|s}\}$.

(5.3.2) THEOREM. Let $M = \{\Sigma_1, \Sigma_2, \ldots, \Sigma_q\}$ be a critical race family of
machines induced by a machine $\Sigma = (A,Y,X,f,h)$ that has a single critical
race. Let $\Sigma' = (A,Y,X,s',h)$ be a stable state machine, and let $\#X = n$. The
following two statements are equivalent.

(i) There is a controller $C$ such that all members of $M_{c|s}$ are equivalent to
$\Sigma'$.

(ii) The skeleton matrix $S(M)$ satisfies $S(M) \ge S^{(n-1)}(\Sigma')$.

PROOF. Recall a critical race family of machines $M = \{\Sigma_1, \ldots, \Sigma_q\}$ is $q$
deterministic stable state machines, all of which have the same input set
$A$, the same output set $Y$, the same state set $X$, and the same output
function $h$. Let the critical race of the machine $\Sigma$ be at the pair $(x,u)$ and
let the transition $f(x,u)$ have $q$ outcomes denoted by $\{z_1, \ldots, z_q\}$. The
transition function $f_i$ of the machine $\Sigma_i$ assumes the value $z_i$ for the pair
$(x,u)$, $i = 1, \ldots, q$, and is otherwise equal to the transition function $f$ of $\Sigma$. All
members of the critical race family of machines $M$ differ only in their state
transition function, and then only in the value of the transition function at
one pair, that of the critical race $(x,u)$.

The critical race $(x,u)$ in $\Sigma$ induces up to $\#X$ critical races in the
stable state machine $\Sigma_{|s} = (A,Y,X,s,h)$ at the pairs $(X',u)$, $X' \subset X$.

Recall that $\Sigma_{ic|s}$ is equivalent to $\Sigma'$ whenever $\gamma((x,\alpha),u) =
(s'(x,u),\alpha')$ for all valid pairs $(x,u) \in X \times A$, $\gamma$ is the stable transition
function of $\Sigma_{ic|s}$ and $\alpha$, $\alpha'$ are states of the controller $C$. The controller $C$
must ensure then that for all valid pairs $(x,u) \in X \times A$ that whenever $s'(x,u)
= x'$ that $\gamma((x,\alpha),u) = (x',\alpha')$. Also recall that whenever $s'(x,u) = x'$ the
entry of $S^{(n-1)}(\Sigma')$ indexed by the states $x$ and $x'$ is a one and thus the
entry of $S(M)$ indexed by $x$ and $x'$.

Now pick a valid pair $(x,u) \in X \times A$. Then either $s_i(x,u)$ takes on a
single value for all $i = 1, \ldots, q$, or there are at least two $s_i(x,u)$, $i = 1, \ldots, q$,
which take on different values. The second case corresponds to a critical
race at the pair $(x,u)$.

Now consider a path from a state $x$ to a state $x'$ which is stably
reachable from $x$ in $M$; there are two possibilities. There is an input list $w
\in A^+$ such that $s_i(x,w) = x'$, $i = 1, \ldots, q$, or there are input lists $w_i \in A^+$
such that $s_i(x,w_i) = x'$, $i = 1, \ldots, q$.

Consider for our model matching problem that there are $p$
transitions $(x_j,u_j)$, $j = 1, \ldots, p$, for which $s'(x_j,u_j) \ne s_i(x_j,u_j)$ for all $i = 1, \ldots,
q$. Denote the next stable state of the stable transition $s'(x_j,u_j)$ as $x_j'$.
Let $\ell$ of the $p$ transitions to be changed have no critical race in the
desired path, and let $m = p - \ell$ transitions have a critical race in the desired
path. We construct a controller $C = (A \times Y, A, \Xi, \phi, \eta)$ as follows.

We define the state transition function from the state $\alpha_0$ by setting
$\phi(\alpha_0,(z,u)) = \alpha_0$ for all $(z,u) \in X \times A \setminus (x_j,U_j)$, where $U_j \subset A$ is the set of input
values which form stable combinations with the state $x_j$, and $\phi(\alpha_0,(x_j,U_j))
= \alpha_1$, $j = 1, \ldots, p$. The value of the output function $\eta$ for the same state is
$\eta(\alpha_0,(z,u)) = u$ for all $(z,u) \in X \times A$.

The transition function from the state $\alpha_1$ is defined by setting
$\phi(\alpha_1,(x_j,u_j)) = \alpha_{j1}$, $\phi(\alpha_1,(x_j,U_j)) = \alpha_1$, $j = 1, \ldots, p$, and $\phi(\alpha_1,(z,u)) = \alpha_0$ for all
other $(z,u) \in X \times A$. The value of the output function at the same state is
$\eta(\alpha_1,(z,u)) = u_j$ where $u_j \in U_j$.

Now first consider the $\ell$ transitions which do not encounter a
critical race. The rest of the controller construction for these transitions is
identical to the controller constructed in (5.1.3), i.e. by the choice of $x_j'$
there is a $w_j \in A^+$, $w_j = v_{j0} v_{j1} \cdots v_{j(m(j)-1)}$, such that $s(x_j,w_j) = x_j'$. Denote
$x_{j1} := s(x_j,v_{j0})$, $x_{j2} := s(x_{j1},v_{j1})$, $x_{j3} := s(x_{j2},v_{j2})$, ..., $x_{j(m(j)-1)} := s(x_{j(m(j)-2)},v_{j(m(j)-2)})$,
$x_j' := s(x_{j(m(j)-1)},v_{j(m(j)-1)})$, $j = 1, \ldots, \ell$.

The rest of the transition function $\phi$ and output function $\eta$ are given,
for $j = 1, \ldots, \ell$, by

$\phi(\alpha_{j1},(z,u)) = \alpha_{j1}$ for all $(z,u) \in X \times A \setminus (x_{j1},u_j)$ and $\phi(\alpha_{j1},(x_{j1},u_j)) = \alpha_{j2}$
$\eta(\alpha_{j1},(z,u)) = v_{j0}$ for all $(z,u) \in X \times A$

$\phi(\alpha_{j2},(z,u)) = \alpha_{j2}$ for all $(z,u) \in X \times A \setminus (x_{j2},u_j)$ and $\phi(\alpha_{j2},(x_{j2},u_j)) = \alpha_{j3}$
$\eta(\alpha_{j2},(z,u)) = v_{j1}$ for all $(z,u) \in X \times A$

for $3 \le k \le m(j)-1$

$\phi(\alpha_{jk},(z,u)) = \alpha_{jk}$ for all $(z,u) \in X \times A \setminus (x_{jk},u_j)$ and $\phi(\alpha_{jk},(x_{jk},u_j)) = \alpha_{j(k+1)}$
$\eta(\alpha_{jk},(z,u)) = v_{j(k-1)}$ for all $(z,u) \in X \times A$

and for $k = m(j)$

$\phi(\alpha_{jm(j)},(z,u)) = \alpha_{jm(j)}$ for all $(z,u) \in X \times A \setminus (x_j', A - u_j)$ and $\phi(\alpha_{jm(j)},(x_j', A - u_j)) = \alpha_0$
$\eta(\alpha_{jm(j)},(z,u)) = v_{j(m(j)-1)}$ for all $(z,u) \in X \times A$

Now consider the $m$ transitions that encounter a critical race in the
desired path. From the state $\alpha_1$ when the pair to change is recognized, a
set of controller states and transitions as in the controller of (5.1.1) will take
the machine from $x_j$ to the critical race. The critical race is then
encountered and the machine goes to one of its next stable states. The
controller needs a state like the state $\alpha_1$ to wait in until the next stable state
of the critical race is reached. The controller then needs another set of
states and transitions like (5.1.1) to send each outcome of the race to the
state $x_j'$, i.e. the part of the controller for the transitions that encounter a
race will be of the form $C((x_j,u_j),w_j,z_j')$, then a wait state for the outcome of
the race, then $C((z_k,u_k'),w_k,x_j')$, $k = 1, \ldots, q(j)$, $j = \ell+1, \ldots, p$. Here the $z_k$'s
are the possible outcomes of the race, and $z_j'$ is the race in the $j$th
transition path. The controller part for the transitions that encounter the
critical race branches into $q(j)$ parallel parts to fix the effect of the race and
then converges back at the terminal state of the controller.

Now assume that there is a controller $C$ such that all members of
$M_{c|s}$ are equivalent to $\Sigma'$ and that $S(M) \ngeq S^{(n-1)}(\Sigma')$. This implies that
there is at least one state $x'$ which is stably reachable from a state $x$ in $\Sigma'$,
but not in all the machines $\Sigma_i$ of $M$, $i = 1, \ldots, q$. There is then at least one $\Sigma_i$
for which $x'$ is not stably reachable from $x$. There is then a path from $x$ to
$x'$ in $\Sigma'$ and not in at least one $\Sigma_i$. This implies that for some point along
this path that there is a stable transition $s'(x,u)$ which takes on a different
state value than $s_i(x,u)$ and that this state is not stably reachable from $x$
in $\Sigma_i$. Recall that when $\Sigma_{ic|s}$ is equivalent to $\Sigma'$, the stable transition
function of $\Sigma_{ic|s}$ must take on the same value as the transition function of
$\Sigma'$ at all valid pairs. We have shown in Theorem (5.2.2) that this is not
possible when $S^{(n-1)}(\Sigma_i) \ngeq S^{(n-1)}(\Sigma')$. Thus there is at least one $\Sigma_{ic|s}$ which
is not equivalent to $\Sigma'$, contradicting our assumption. Thus whenever a
controller $C$ exists such that all members of $M_{c|s}$ are equivalent to $\Sigma'$
then the relation $S(M) \ge S^{(n-1)}(\Sigma')$ must hold. ♦


In effect, Theorem (5.3.2) gives a controller $C$ that fixes the effects of
a critical race. The corrective controller ensures all members $\Sigma_i$ of the
critical race family of machines $M$ exhibit the same deterministic
behavior. We must ensure for consistency that the corrective controller does
not need to output different values to two or more different members of the
critical race family when they are in the same state receiving the same
reference input.

(5.3.3) PROPOSITION. Consider a critical race family of machines $M = \{\Sigma_1,
\Sigma_2, \ldots, \Sigma_q\}$ induced by a machine $\Sigma$ with a single critical race. Let $C$ be a
controller such that all members of $M_{c|s}$ are equivalent to a machine $\Sigma'$.
Pick any valid pair $(x,v)$ from $\Sigma$. The controller $C$ outputs the same value
to all members $\Sigma_i$ of $M$, $i = 1, \ldots, q$, at the state $x$ with the reference input
$v$.

PROOF.  Recall  that  the  members  of  a  critical  race  family  of  machines  all 
have  the  same  input  set,  the  same  output  set,  the  same  state  set,  and  the 
same  output  function.  Their  transition  functions  are  also  the  same  at  all 
valid  pairs  except  that  of  the  critical  race. 
Consider now a transition from a potentially stable state $x$ of $M$ to a
potentially stable state $x'$ stably reachable in the family $M$ from the state
$x$. By the choice of $x'$ there is either

(i) A path from $x$ to $x'$ which is the same in all members of $M$, or

(ii) A set of machines $M_f \subset M$, which all have the same path from $x$ to $x'$,
and a set of machines $M_r = M - M_f$ each having a different path from $x$ to
$x'$. This difference is due to the critical race.

Consider case (i). The path from $x$ to $x'$ is identical in all
members of the family $M$. Thus, since $M$ is a critical race family of
machines and the members of $M$ have the same transition functions
except at the critical race, the same input list will drive all the members of
$M$ from $x$ to $x'$. We can see this by looking at the controller constructed in
(5.3.2), that for any transitions that do not encounter a critical race, the
same input list $w$ is provided to all the machines $\Sigma_i$ of $M$, $i = 1, \ldots, q$.
Thus the corrective controller $C$ provides the same value to each member
of $M$ for the same state and reference input.

Now consider a transition that encounters a critical race, case (ii).
An identical input list is provided to all machines $\Sigma_i$ of $M$, $i = 1, \ldots, q$, until
the critical race is encountered. Only after the critical race are different
inputs provided depending on the machine $\Sigma_i$ of $M$, $i = 1, \ldots, q$. However,
these different output values are provided at different values of the states,
since the members $\Sigma_i$ of $M$, $i = 1, \ldots, q$, differ in their next stable state after
a critical race. Thus the same value is provided by the controller $C$ to all
machines $\Sigma_i$ of $M$, $i = 1, \ldots, q$, at the same state and reference input. ♦
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The  results  obtained  in  this  paper  are  valid  for  any  family  of 
machines  which  has  the  same  properties  as  a  critical  race  family  of 
machines. 


CHAPTER  6 
EXAMPLES 


6.1  Example  1 

Consider the stable state machine $\Sigma_{|s} = (A,Y,X,s,h)$ induced by a machine $\Sigma = (A,Y,X,f,h)$. Denote the state set of $\Sigma$ by $X = \{x_0,x_1,x_2\}$, the input set of $\Sigma$ by $A = \{a,b,c\}$, and the output set of $\Sigma$ by $Y = X$. The transition function $f$ of $\Sigma$ is defined by

$$\begin{array}{lll}
f(x_0,a) = x_0 & f(x_1,a) = x_2 & f(x_2,a) = x_2 \\
f(x_0,b) = x_1 & f(x_1,b) = x_1 & f(x_2,b) = x_1 \\
f(x_0,c) = \text{critical race} & f(x_1,c) = x_1 & f(x_2,c) = x_2
\end{array}$$

The possible outcomes of the critical race $(x_0,c)$ are the states $x_1$ and $x_2$. The output function $h$ of $\Sigma$ is defined by $h(x_i) = x_i$ for all $x_i \in X$.

The faulty machine $\Sigma$ induces a critical race family $M$ of two machines $M = \{\Sigma_1,\Sigma_2\}$, where $\Sigma_1 = (A,Y,X,f_1,h)$ and $\Sigma_2 = (A,Y,X,f_2,h)$. The transition function $f_1$ of $\Sigma_1$ is defined by $f_1(x_i,u) = f(x_i,u)$ for all $(x_i,u) \in X \times A \setminus (x_0,c)$, and $f_1(x_0,c) = x_1$. The transition function $f_2$ of $\Sigma_2$ is defined by $f_2(x_i,u) = f(x_i,u)$ for all $(x_i,u) \in X \times A \setminus (x_0,c)$, and $f_2(x_0,c) = x_2$.

The machines $\Sigma_1$ and $\Sigma_2$ induce the stable state machines $\Sigma_{1|s}$ and $\Sigma_{2|s}$ respectively. The stable transition functions $s_1$ of $\Sigma_1$ and $s_2$ of $\Sigma_2$ are defined by

$$\begin{array}{lll}
s_1(x_0,a) = x_0 & s_1(x_1,a) = x_2 & s_1(x_2,a) = x_2 \\
s_1(x_0,b) = x_1 & s_1(x_1,b) = x_1 & s_1(x_2,b) = x_1 \\
s_1(x_0,c) = x_1 & s_1(x_1,c) = x_1 & s_1(x_2,c) = x_2
\end{array}$$

and

$$\begin{array}{lll}
s_2(x_0,a) = x_0 & s_2(x_1,a) = x_2 & s_2(x_2,a) = x_2 \\
s_2(x_0,b) = x_1 & s_2(x_1,b) = x_1 & s_2(x_2,b) = x_1 \\
s_2(x_0,c) = x_2 & s_2(x_1,c) = x_1 & s_2(x_2,c) = x_2
\end{array}$$


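The one-step matrices of stable transitions $R(\Sigma_1)$ and $R(\Sigma_2)$ of $\Sigma_1$ and $\Sigma_2$ respectively are

$$R(\Sigma_1) = \begin{pmatrix} \{a\} & \{b,c\} & N \\ N & \{b,c\} & \{a\} \\ N & \{b\} & \{a,c\} \end{pmatrix} \qquad R(\Sigma_2) = \begin{pmatrix} \{a\} & \{b\} & \{c\} \\ N & \{b,c\} & \{a\} \\ N & \{b\} & \{a,c\} \end{pmatrix}$$

The matrices of stable transitions $R^{(2)}(\Sigma_1)$ and $R^{(2)}(\Sigma_2)$ of $\Sigma_1$ and $\Sigma_2$ respectively are

$$R^{(2)}(\Sigma_1) = \begin{pmatrix} \{a,aa\} & \{b,c,ab,ac,bb,bc,cb,cc\} & \{ba,ca\} \\ N & \{b,c,bb,bc,cb,cc,ab\} & \{a,ba,ca,aa,ac\} \\ N & \{b,bb,bc,ab,cb\} & \{a,c,ba,aa,ac,ca,cc\} \end{pmatrix}$$

$$R^{(2)}(\Sigma_2) = \begin{pmatrix} \{a,aa\} & \{b,ab,bb,bc,cb\} & \{c,ac,ba,ca,cc\} \\ N & \{b,c,bb,bc,cb,cc,ab\} & \{a,ba,ca,aa,ac\} \\ N & \{b,bb,bc,ab,cb\} & \{a,c,ba,aa,ac,ca,cc\} \end{pmatrix}$$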

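The one-step skeleton matrices $S(\Sigma_1)$ and $S(\Sigma_2)$ of $\Sigma_1$ and $\Sigma_2$ respectively are

$$S(\Sigma_1) = \begin{pmatrix} 1 & 1 & 0 \\ 0 & 1 & 1 \\ 0 & 1 & 1 \end{pmatrix} \qquad S(\Sigma_2) = \begin{pmatrix} 1 & 1 & 1 \\ 0 & 1 & 1 \\ 0 & 1 & 1 \end{pmatrix}$$

The skeleton matrices $S^{(2)}(\Sigma_1)$ and $S^{(2)}(\Sigma_2)$ of $\Sigma_1$ and $\Sigma_2$ respectively are

$$S^{(2)}(\Sigma_1) = \begin{pmatrix} 1 & 1 & 1 \\ 0 & 1 & 1 \\ 0 & 1 & 1 \end{pmatrix} \qquad S^{(2)}(\Sigma_2) = \begin{pmatrix} 1 & 1 & 1 \\ 0 & 1 & 1 \\ 0 & 1 & 1 \end{pmatrix}$$

The skeleton matrix $S(M)$ of $M$ is

$$S(M) = \begin{pmatrix} 1 & 1 & 1 \\ 0 & 1 & 1 \\ 0 & 1 & 1 \end{pmatrix}$$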

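We choose the machine $\Sigma' = (A,Y,X,s',h)$ as the desired model to match. The transition function $s'$ of $\Sigma'$ is defined by

$$\begin{array}{lll}
s'(x_0,a) = x_0 & s'(x_1,a) = x_2 & s'(x_2,a) = x_2 \\
s'(x_0,b) = x_1 & s'(x_1,b) = x_1 & s'(x_2,b) = x_1 \\
s'(x_0,c) = x_2 & s'(x_1,c) = x_1 & s'(x_2,c) = x_2
\end{array}$$

The one-step matrix of stable transitions $R(\Sigma')$ of $\Sigma'$ is

$$R(\Sigma') = \begin{pmatrix} \{a\} & \{b\} & \{c\} \\ N & \{b,c\} & \{a\} \\ N & \{b\} & \{a,c\} \end{pmatrix}$$

The matrix of stable transitions $R^{(2)}(\Sigma')$ of $\Sigma'$ is

$$R^{(2)}(\Sigma') = \begin{pmatrix} \{a,aa\} & \{b,ab,bb,bc,cb\} & \{c,ac,ba,ca,cc\} \\ N & \{b,c,bb,bc,cb,cc,ab\} & \{a,ba,ca,aa,ac\} \\ N & \{b,bb,bc,ab,cb\} & \{a,c,ba,aa,ac,ca,cc\} \end{pmatrix}$$

The one-step skeleton matrix $S(\Sigma')$ of $\Sigma'$ is

$$S(\Sigma') = \begin{pmatrix} 1 & 1 & 1 \\ 0 & 1 & 1 \\ 0 & 1 & 1 \end{pmatrix}$$

The skeleton matrix $S^{(2)}(\Sigma')$ of $\Sigma'$ is

$$S^{(2)}(\Sigma') = \begin{pmatrix} 1 & 1 & 1 \\ 0 & 1 & 1 \\ 0 & 1 & 1 \end{pmatrix}$$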
On comparison of $\Sigma_{|s}$ and $\Sigma'$, we can see that $s = s'$ at all pairs except $(x_0,c)$. The corrective controller must ensure that whenever the pair $(x_0,c)$ occurs after a stable combination of the state $x_0$, the closed loop system $\Sigma_{c|s}$ enters the state $x_2$ as its next stable state. Then the closed loop system $\Sigma_{c|s}$ will be equivalent to the model $\Sigma'$.

We construct the corrective controller $C = (A \times Y, A, \Xi, \phi, \eta)$. The state set $\Xi$ of the controller consists of 4 states, which we denote by the symbols $\Xi = \{\alpha_0,\alpha_1,\alpha_2,\alpha_3\}$. We define the transition function from the state $\alpha_0$ by setting $\phi(\alpha_0,(z,u)) = \alpha_0$ for all $(z,u) \in X \times A \setminus (x_0,a)$ and $\phi(\alpha_0,(x_0,a)) = \alpha_1$. The value of the output function for the same state is $\eta(\alpha_0,(z,u)) = u$ for all $(z,u) \in X \times A$.

The transition function from the state $\alpha_1$ is defined by setting $\phi(\alpha_1,(x_0,c)) = \alpha_2$, $\phi(\alpha_1,(x_0,a)) = \alpha_1$ and $\phi(\alpha_1,(z,u)) = \alpha_0$ for all other $(z,u) \in X \times A$. The value of the output function at the same state is $\eta(\alpha_1,(z,u)) = a$ for all $(z,u) \in X \times A$.

The rest of the transition function and output function are given by

$\phi(\alpha_2,(z,u)) = \alpha_2$ for all $(z,u) \in X \times A \setminus (x_1,c)$ and $\phi(\alpha_2,(x_1,c)) = \alpha_3$

$\eta(\alpha_2,(z,u)) = b$ for all $(z,u) \in X \times A$

$\phi(\alpha_3,(z,u)) = \alpha_3$ for all $(z,u) \in X \times A \setminus (x_2,\{a,b\})$ and $\phi(\alpha_3,(x_2,\{a,b\})) = \alpha_0$

$\eta(\alpha_3,(z,u)) = a$ for all $(z,u) \in X \times A$ ♦
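The following Python simulation of the closed loop of Example 6.1 is an added example, not part of the original text. It assumes a fundamental-mode update order (the controller settles first, then the machine makes one stable transition, repeated until nothing changes), numbers the four controller states 0 to 3, and starts from the stable combination $(x_0,a)$; the function names are chosen here.

```python
from itertools import product

INPUTS = ("a", "b", "c")

# Stable transition functions of the two family members, copied from Example 6.1.
COMMON = {
    ("x0", "a"): "x0", ("x1", "a"): "x2", ("x2", "a"): "x2",
    ("x0", "b"): "x1", ("x1", "b"): "x1", ("x2", "b"): "x1",
    ("x1", "c"): "x1", ("x2", "c"): "x2",
}
S1 = {**COMMON, ("x0", "c"): "x1"}  # race (x0, c) resolves to x1
S2 = {**COMMON, ("x0", "c"): "x2"}  # race (x0, c) resolves to x2
MODEL = S2                          # s' of the model equals s2 at every pair


def phi(alpha, z, u):
    """Controller transition function of Example 6.1 (states numbered 0..3)."""
    if alpha == 0:
        return 1 if (z, u) == ("x0", "a") else 0
    if alpha == 1:
        if (z, u) == ("x0", "c"):
            return 2
        return 1 if (z, u) == ("x0", "a") else 0
    if alpha == 2:
        return 3 if (z, u) == ("x1", "c") else 2
    return 0 if z == "x2" and u in ("a", "b") else 3


def eta(alpha, u):
    """Controller output: pass u through in state 0, else the constant a, b, a."""
    return (u, "a", "b", "a")[alpha]


def settle(s, x, alpha, v, limit=50):
    """Apply external input v and iterate the loop until (x, alpha) is stable.

    Assumed update order: controller first, then one stable machine transition.
    """
    for _ in range(limit):
        nxt = phi(alpha, x, v)
        if nxt != alpha:
            alpha = nxt
            continue
        x_next = s[(x, eta(alpha, v))]
        if x_next == x:
            return x, alpha
        x = x_next
    raise RuntimeError("closed loop did not settle")


def run(s, word, controlled=True):
    """States visited when `word` is applied starting from the pair (x0, a)."""
    x, alpha = settle(s, "x0", 0, "a") if controlled else ("x0", 0)
    trace = []
    for v in word:
        if controlled:
            x, alpha = settle(s, x, alpha, v)
        else:
            x = s[(x, v)]
        trace.append(x)
    return trace


def matches_model(s, max_len=5):
    """True if the closed loop tracks the model on every word up to max_len."""
    for n in range(1, max_len + 1):
        for word in product(INPUTS, repeat=n):
            if run(s, word) != run(MODEL, word, controlled=False):
                return False
    return True


if __name__ == "__main__":
    for name, s in (("Sigma1", S1), ("Sigma2", S2)):
        print(name,
              "open loop on c:", run(s, "c", controlled=False),
              "closed loop on c:", run(s, "c"),
              "matches model:", matches_model(s))
```

In the closed loop the race pair $(x_0,c)$ is never applied to the machine: the controller substitutes the input list $ba$, which is why both family members end in $x_2$.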
6.2 Example 2

Consider the machine $\Sigma$ described by the following table

Table 6.2.1. The machine $\Sigma$ of Example 6.2

$$\begin{array}{c|cccc}
x_1x_2 \backslash u_1u_2 & 00 & 01 & 11 & 10 \\ \hline
00 & 11 & 00 & 10 & 01 \\
01 & 11 & 00 & 11 & 01 \\
11 & 11 & 00 & 10 & 11 \\
10 & 11 & 10 & 10 & 11
\end{array}$$

We can see the machine $\Sigma$ has two races at the state/input combinations $x_1x_2/u_1u_2 = 00/00$ and $11/01$. The race $x_1x_2/u_1u_2 = 00/00$ is a non-critical race; the next stable state of the state/input pair $00/00$ is always $11$. The race $x_1x_2/u_1u_2 = 11/01$, however, is a critical race. The state/input pair $11/01$ has three possible next stable states, $01$, $11$, and $10$.

We denote the machine $\Sigma$ by $\Sigma = (A,Y,X,f,h)$, where the state set of $\Sigma$ is the characters $X = \{x_0,x_1,x_2,x_3\}$, and $x_0 = 00$, $x_1 = 01$, $x_2 = 11$, and $x_3 = 10$. The input set of $\Sigma$ is denoted by $A = \{a,b,c,d\}$, where $a = 00$, $b = 01$, $c = 11$, and $d = 10$.

We can define the transition function $f$ of $\Sigma$ by

$$\begin{array}{llll}
f(x_0,a) = x_2 & f(x_1,a) = x_2 & f(x_2,a) = x_2 & f(x_3,a) = x_2 \\
f(x_0,b) = x_0 & f(x_1,b) = x_0 & f(x_2,b) = \text{critical race} & f(x_3,b) = x_3 \\
f(x_0,c) = x_3 & f(x_1,c) = x_2 & f(x_2,c) = x_3 & f(x_3,c) = x_3 \\
f(x_0,d) = x_1 & f(x_1,d) = x_1 & f(x_2,d) = x_2 & f(x_3,d) = x_2
\end{array}$$

And we define the output function $h$ of $\Sigma$ by $h(x_i) = x_i$ for all $x_i \in X$. The possible outcomes of the critical race are the states $x_0$, $x_1$, and $x_3$.
The faulty machine $\Sigma$ induces a critical race family $M$ of three machines, $M = \{\Sigma_1,\Sigma_2,\Sigma_3\}$, where $\Sigma_1 = (A,Y,X,f_1,h)$, $\Sigma_2 = (A,Y,X,f_2,h)$, and $\Sigma_3 = (A,Y,X,f_3,h)$. The transition function $f_1$ of $\Sigma_1$ is defined by $f_1(x_i,u) = f(x_i,u)$ for all $(x_i,u) \in X \times A \setminus (x_2,b)$, and $f_1(x_2,b) = x_0$. The transition function $f_2$ of $\Sigma_2$ is defined by $f_2(x_i,u) = f(x_i,u)$ for all $(x_i,u) \in X \times A \setminus (x_2,b)$, and $f_2(x_2,b) = x_1$. The transition function $f_3$ of $\Sigma_3$ is defined by $f_3(x_i,u) = f(x_i,u)$ for all $(x_i,u) \in X \times A \setminus (x_2,b)$, and $f_3(x_2,b) = x_3$.

The machines $\Sigma_1$, $\Sigma_2$, and $\Sigma_3$ induce the stable state machines $\Sigma_{1|s}$, $\Sigma_{2|s}$, and $\Sigma_{3|s}$ respectively. The stable transition functions $s_1$ of $\Sigma_1$, $s_2$ of $\Sigma_2$, and $s_3$ of $\Sigma_3$ are defined by

$$\begin{array}{llll}
s_1(x_0,a) = x_2 & s_1(x_1,a) = x_2 & s_1(x_2,a) = x_2 & s_1(x_3,a) = x_2 \\
s_1(x_0,b) = x_0 & s_1(x_1,b) = x_0 & s_1(x_2,b) = x_0 & s_1(x_3,b) = x_3 \\
s_1(x_0,c) = x_3 & s_1(x_1,c) = x_3 & s_1(x_2,c) = x_3 & s_1(x_3,c) = x_3 \\
s_1(x_0,d) = x_1 & s_1(x_1,d) = x_1 & s_1(x_2,d) = x_2 & s_1(x_3,d) = x_2
\end{array}$$

$$\begin{array}{llll}
s_2(x_0,a) = x_2 & s_2(x_1,a) = x_2 & s_2(x_2,a) = x_2 & s_2(x_3,a) = x_2 \\
s_2(x_0,b) = x_0 & s_2(x_1,b) = x_0 & s_2(x_2,b) = x_0 & s_2(x_3,b) = x_3 \\
s_2(x_0,c) = x_3 & s_2(x_1,c) = x_3 & s_2(x_2,c) = x_3 & s_2(x_3,c) = x_3 \\
s_2(x_0,d) = x_1 & s_2(x_1,d) = x_1 & s_2(x_2,d) = x_2 & s_2(x_3,d) = x_2
\end{array}$$

and

$$\begin{array}{llll}
s_3(x_0,a) = x_2 & s_3(x_1,a) = x_2 & s_3(x_2,a) = x_2 & s_3(x_3,a) = x_2 \\
s_3(x_0,b) = x_0 & s_3(x_1,b) = x_0 & s_3(x_2,b) = x_3 & s_3(x_3,b) = x_3 \\
s_3(x_0,c) = x_3 & s_3(x_1,c) = x_3 & s_3(x_2,c) = x_3 & s_3(x_3,c) = x_3 \\
s_3(x_0,d) = x_1 & s_3(x_1,d) = x_1 & s_3(x_2,d) = x_2 & s_3(x_3,d) = x_2
\end{array}$$

We can see from the stable transition functions $s_1$ of $\Sigma_1$ and $s_2$ of $\Sigma_2$ that the stable state machines $\Sigma_{1|s}$ and $\Sigma_{2|s}$ are identical.




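The one-step matrices of stable transitions $R(\Sigma_1)$, $R(\Sigma_2)$ and $R(\Sigma_3)$ of $\Sigma_1$, $\Sigma_2$, and $\Sigma_3$ respectively are

$$R(\Sigma_1) = R(\Sigma_2) = \begin{pmatrix} \{b\} & \{d\} & \{a\} & \{c\} \\ \{b\} & \{d\} & \{a\} & \{c\} \\ \{b\} & N & \{a,d\} & \{c\} \\ N & N & \{a,d\} & \{b,c\} \end{pmatrix} \qquad R(\Sigma_3) = \begin{pmatrix} \{b\} & \{d\} & \{a\} & \{c\} \\ \{b\} & \{d\} & \{a\} & \{c\} \\ N & N & \{a,d\} & \{b,c\} \\ N & N & \{a,d\} & \{b,c\} \end{pmatrix}$$

The one-step skeleton matrices $S(\Sigma_1)$, $S(\Sigma_2)$, and $S(\Sigma_3)$ of $\Sigma_1$, $\Sigma_2$, and $\Sigma_3$ respectively are

$$S(\Sigma_1) = S(\Sigma_2) = \begin{pmatrix} 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \\ 1 & 0 & 1 & 1 \\ 0 & 0 & 1 & 1 \end{pmatrix} \qquad S(\Sigma_3) = \begin{pmatrix} 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \\ 0 & 0 & 1 & 1 \\ 0 & 0 & 1 & 1 \end{pmatrix}$$

The skeleton matrices $S^{(3)}(\Sigma_1)$, $S^{(3)}(\Sigma_2)$, and $S^{(3)}(\Sigma_3)$ of $\Sigma_1$, $\Sigma_2$, and $\Sigma_3$ respectively are

$$S^{(3)}(\Sigma_1) = S^{(3)}(\Sigma_2) = \begin{pmatrix} 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \end{pmatrix} \qquad S^{(3)}(\Sigma_3) = \begin{pmatrix} 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \\ 0 & 0 & 1 & 1 \\ 0 & 0 & 1 & 1 \end{pmatrix}$$

The skeleton matrix $S(M)$ of $M$ is

$$S(M) = \begin{pmatrix} 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \\ 0 & 0 & 1 & 1 \\ 0 & 0 & 1 & 1 \end{pmatrix}$$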


We first choose the machine $\Sigma' = (A,Y,X,s',h)$ as the desired model to match. We define the transition function $s'$ of $\Sigma'$ by

$$\begin{array}{llll}
s'(x_0,a) = x_2 & s'(x_1,a) = x_2 & s'(x_2,a) = x_2 & s'(x_3,a) = x_2 \\
s'(x_0,b) = x_0 & s'(x_1,b) = x_0 & s'(x_2,b) = x_0 & s'(x_3,b) = x_3 \\
s'(x_0,c) = x_3 & s'(x_1,c) = x_3 & s'(x_2,c) = x_3 & s'(x_3,c) = x_3 \\
s'(x_0,d) = x_1 & s'(x_1,d) = x_1 & s'(x_2,d) = x_2 & s'(x_3,d) = x_2
\end{array}$$

This is how $\Sigma$ would behave if it were a race-free machine. We can see that the machine $\Sigma'$ is identical to the machines $\Sigma_{1|s}$ and $\Sigma_{2|s}$. Thus the skeleton matrix $S^{(3)}(\Sigma')$ of $\Sigma'$ is

$$S^{(3)}(\Sigma') = \begin{pmatrix} 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \end{pmatrix}$$

Recall that the skeleton matrix of the critical race family $M$ is

$$S(M) = \begin{pmatrix} 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \\ 0 & 0 & 1 & 1 \\ 0 & 0 & 1 & 1 \end{pmatrix}$$

Comparing $S(M)$ to $S^{(3)}(\Sigma')$ we find that $S(M) \not\geq S^{(3)}(\Sigma')$, so by Theorem (5.3.2) there is no controller $C$ such that all members of $M_{c|s}$ are equivalent to $\Sigma'$. Specifically, stable transitions from the states $x_3$ and $x_2$ to the states $x_0$ and $x_1$ are not achievable by $\Sigma_{3|s}$, so there is no controller $C$ such that the machine $\Sigma_{3c|s}$ is equivalent to $\Sigma'$.


We next choose the machine $\Sigma'' = (A,Y,X,s'',h)$ as the desired model to match. We define the transition function $s''$ of $\Sigma''$ by

$$\begin{array}{llll}
s''(x_0,a) = x_2 & s''(x_1,a) = x_2 & s''(x_2,a) = x_2 & s''(x_3,a) = x_2 \\
s''(x_0,b) = x_0 & s''(x_1,b) = x_0 & s''(x_2,b) = x_3 & s''(x_3,b) = x_3 \\
s''(x_0,c) = x_3 & s''(x_1,c) = x_3 & s''(x_2,c) = x_3 & s''(x_3,c) = x_3 \\
s''(x_0,d) = x_1 & s''(x_1,d) = x_1 & s''(x_2,d) = x_2 & s''(x_3,d) = x_2
\end{array}$$

We can see that the machine $\Sigma''$ is identical to the machine $\Sigma_{3|s}$. Thus the skeleton matrix of $\Sigma''$ is

$$S^{(3)}(\Sigma'') = \begin{pmatrix} 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 \\ 0 & 0 & 1 & 1 \\ 0 & 0 & 1 & 1 \end{pmatrix}$$

Comparing $S(M)$ with $S^{(3)}(\Sigma'')$ we find that $S(M) \geq S^{(3)}(\Sigma'')$. We construct a controller $C = (A \times Y, A, \Xi, \phi, \eta)$ so that all members of $M_{c|s}$ are equivalent to $\Sigma''$ as follows.

The state set $\Xi$ of the controller consists of 3 states, which we denote by the symbols $\Xi = \{\alpha_0,\alpha_1,\alpha_2\}$. We define the transition function $\phi$ of the controller $C$ from the state $\alpha_0$ by setting $\phi(\alpha_0,(z,u)) = \alpha_0$ for all $(z,u) \in X \times A \setminus \{(x_2,a),(x_2,d)\}$ and $\phi(\alpha_0,(x_2,a)) = \alpha_1$, $\phi(\alpha_0,(x_2,d)) = \alpha_1$. The value of the output function for the same state is $\eta(\alpha_0,(z,u)) = u$ for all $(z,u) \in X \times A$.

The transition function from the state $\alpha_1$ is defined by setting $\phi(\alpha_1,(x_2,b)) = \alpha_2$, $\phi(\alpha_1,(x_2,a)) = \alpha_1$, $\phi(\alpha_1,(x_2,d)) = \alpha_1$, and $\phi(\alpha_1,(z,u)) = \alpha_0$ for all other $(z,u) \in X \times A$. The value of the output function at the same state is $\eta(\alpha_1,(z,u)) = d$ for all $(z,u) \in X \times A$.

The rest of the transition function and output function are given by

$\phi(\alpha_2,(z,u)) = \alpha_2$ for all $(z,u) \in X \times A \setminus (x_3,\{a,c,d\})$ and $\phi(\alpha_2,(x_3,\{a,c,d\})) = \alpha_0$

$\eta(\alpha_2,(z,u)) = c$ for all $(z,u) \in X \times A$ ♦
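The matrix comparison of Example 6.2 can be reproduced mechanically. The Python code below is an added example, not part of the original text: it builds the critical race family from $f$, derives each stable transition function and skeleton matrix, and evaluates the condition of Theorem (5.3.2) for both models. It assumes that the skeleton matrix of the family is the entrywise AND of the members' skeleton matrices (the definition in (5.4.2) is not reproduced in this section; the assumption gives the $S(M)$ printed above), and it goes slightly beyond the example by forming the family as a product over race outcomes, so more than one race pair can be listed. Function names are chosen here.

```python
from itertools import product

STATES = ("x0", "x1", "x2", "x3")
INPUTS = ("a", "b", "c", "d")

# Transition function f of Example 6.2; the critical race pair is listed apart.
F = {
    ("x0", "a"): "x2", ("x1", "a"): "x2", ("x2", "a"): "x2", ("x3", "a"): "x2",
    ("x0", "b"): "x0", ("x1", "b"): "x0", ("x3", "b"): "x3",
    ("x0", "c"): "x3", ("x1", "c"): "x2", ("x2", "c"): "x3", ("x3", "c"): "x3",
    ("x0", "d"): "x1", ("x1", "d"): "x1", ("x2", "d"): "x2", ("x3", "d"): "x2",
}
RACES = {("x2", "b"): ("x0", "x1", "x3")}  # race pair -> possible outcomes


def family(f, races):
    """One race-free transition function per combination of race outcomes."""
    pairs = list(races)
    return [{**f, **dict(zip(pairs, outcome))}
            for outcome in product(*(races[p] for p in pairs))]


def stable(f):
    """Stable transition function: follow f under a fixed input until it rests."""
    s = {}
    for x, u in product(STATES, INPUTS):
        seen, cur = set(), x
        while f[(cur, u)] != cur:
            if cur in seen:
                raise ValueError(f"no stable state from {x} under {u}")
            seen.add(cur)
            cur = f[(cur, u)]
        s[(x, u)] = cur
    return s


def skeleton(s, steps=None):
    """Entry [i][j] is 1 iff x_j is reached from x_i in 1..steps stable moves."""
    n = len(STATES)
    steps = n - 1 if steps is None else steps
    idx = {x: i for i, x in enumerate(STATES)}
    one = [[0] * n for _ in range(n)]
    for (x, _u), y in s.items():
        one[idx[x]][idx[y]] = 1
    reach = [row[:] for row in one]
    for _ in range(steps - 1):
        reach = [[int(reach[i][j] or
                      any(reach[i][k] and one[k][j] for k in range(n)))
                  for j in range(n)] for i in range(n)]
    return reach


def family_skeleton(members):
    """Assumption of this example: entrywise AND over the family members."""
    mats = [skeleton(stable(f)) for f in members]
    n = len(STATES)
    return [[int(all(m[i][j] for m in mats)) for j in range(n)]
            for i in range(n)]


def dominates(a, b):
    """The entrywise comparison a >= b used in Theorem (5.3.2)."""
    return all(x >= y for ra, rb in zip(a, b) for x, y in zip(ra, rb))


MEMBERS = family(F, RACES)                       # Sigma_1, Sigma_2, Sigma_3
S_M = family_skeleton(MEMBERS)
MODEL_PRIME = skeleton(stable(MEMBERS[0]))       # Sigma'  is Sigma_1|s
MODEL_DPRIME = skeleton(stable(MEMBERS[2]))      # Sigma'' is Sigma_3|s

if __name__ == "__main__":
    for row in S_M:
        print(row)
    print("controller exists for Sigma' :", dominates(S_M, MODEL_PRIME))
    print("controller exists for Sigma'':", dominates(S_M, MODEL_DPRIME))
```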


CHAPTER  7 
OTHER  RESULTS 


7.1  Multiple  Races 

The  present  work  deals  with  machines  with  at  most  one  critical  race. 
This  can  be  extended  to  cover  the  case  of  multiple  critical  races  in  a 
machine.  The  critical  race  family  of  machines  will  be  slightly  modified, 
and  the  corrective  controller  will  be  more  complex,  but  the  results  on  the 
existence  of  a  corrective  controller,  Theorem  (5.3.2),  are  valid  with  the 
skeleton  matrix  of  the  critical  race  family  of  machines  induced  by  a 
machine  with  multiple  critical  races. 

Consider such a machine $\Sigma = (A,Y,X,f,h)$ and let $\Sigma$ have $k$ critical race pairs $(x_i,u_i) \in X \times A$, $i = 1, \ldots, k$. Denote the number of outcomes of the critical race $(x_i,u_i)$ by $q(i)$, $i = 1, \ldots, k$. There are then $\prod_{i=1}^{k} q(i)$ permutations of critical race outcomes in $\Sigma$; we denote this number by $q := \prod_{i=1}^{k} q(i)$. We build the critical race family of $q$ machines $M = \{\Sigma_1, \ldots, \Sigma_q\}$, all having the same input set, the same output set, the same state set, and the same output function, and whose transition functions are identical at all points except for those of the critical race pairs $(x_i,u_i)$, $i = 1, \ldots, k$. At these points the value of the transition function $f_j$ of the machine $\Sigma_j$ takes on the values corresponding to the $j$th permutation of the critical race outcomes, $j = 1, \ldots, q$.

Consider, for example, a machine $\Sigma$ with two critical races, one having two outcomes and the other having three outcomes. Denote the two critical races by $(x_1,u_1)$ and $(x_2,u_2)$, and their possible outcomes by $\{x_{11},x_{12}\}$ and $\{x_{21},x_{22},x_{23}\}$ respectively. There are six possible permutations of critical race outcomes, and we construct the critical race family of machines $M = \{\Sigma_1, \Sigma_2, \ldots, \Sigma_6\}$ which has six members. The transition function $f_1$ of the machine $\Sigma_1$ at the critical race pairs is defined by $f_1(x_1,u_1) := x_{11}$ and $f_1(x_2,u_2) := x_{21}$. The rest of the transition functions $f_j$ of $\Sigma_j$, $j = 2, \ldots, 6$, are defined at the critical races by $f_2(x_1,u_1) := x_{11}$ and $f_2(x_2,u_2) := x_{22}$, $f_3(x_1,u_1) := x_{11}$ and $f_3(x_2,u_2) := x_{23}$, $f_4(x_1,u_1) := x_{12}$ and $f_4(x_2,u_2) := x_{21}$, $f_5(x_1,u_1) := x_{12}$ and $f_5(x_2,u_2) := x_{22}$, $f_6(x_1,u_1) := x_{12}$ and $f_6(x_2,u_2) := x_{23}$.

The skeleton matrix $S(M)$ of a critical race family of machines $M$ induced by a machine $\Sigma$ with one or more critical races is constructed as in (5.4.2).

This leads to the following two results.

(7.1.1) PROPOSITION. Let $M = \{\Sigma_1,\Sigma_2,\ldots,\Sigma_q\}$ be a critical race family of $q$ machines induced by a machine $\Sigma = (A,Y,X,f,h)$. Let $\Sigma' = (A,Y,X,s',h)$ be a stable state machine and let $\#X = n$. Pick any machine $\Sigma_i$ from $M$, $i = 1, \ldots, q$. The following two statements are equivalent.

(i) There exists a controller $C_i$ such that the stable state closed loop system $\Sigma_{ic|s}$ is equivalent to the machine $\Sigma'$.

(ii) The skeleton matrix $S^{(n-1)}(\Sigma_i)$ satisfies $S^{(n-1)}(\Sigma_i) \geq S^{(n-1)}(\Sigma')$.

(7.1.2) THEOREM. Let $M = \{\Sigma_1,\Sigma_2,\ldots,\Sigma_q\}$ be a critical race family of machines induced by a machine $\Sigma = (A,Y,X,f,h)$ that has one or more critical races. Let $\Sigma' = (A,Y,X,s',h)$ be a stable state machine and let $\#X = n$. The following two statements are equivalent.

(i) There is a controller $C$ such that all members of $M_{c|s}$ are equivalent to $\Sigma'$.

(ii) The skeleton matrix $S(M)$ satisfies $S(M) \geq S^{(n-1)}(\Sigma')$.

The proof for necessity is the same as that given for Theorem (5.3.2); however, the construction of the controller to show sufficiency is involved and not complete at this time.

7.2  Isomorphic  Machines 

In  control  theory,  the  outputs  of  systems  are  not  usually  relabeled. 
The  outputs  of  physical  systems  correspond  to  specific  physical  things,  like 
airplane  pitch  or  roll,  so  relabeling  the  outputs  does  not  make  sense. 
However,  the  states  of  a  physical  system  can  be  relabeled  through  a  state 
transformation,  and  the  inputs  of  a  system  can  be  relabeled  through 
precompensation. 

Currently our model matching problem involves finding a controller such that the closed loop system of (1.1) is equivalent to some desired model. In some cases two machines differ from each other only by the names of their states, the names of their outputs, the names of their inputs, but otherwise exhibit identical properties. Two such machines are usually said to be "isomorphic." We can also use this notion as a method of comparison between two machines.

Consider two machines $\Sigma = (A,Y,X,f,h)$ and $\Sigma' = (A,Y,X',f',h')$. A morphism or state mapping $\Psi : \Sigma \to \Sigma'$ is a partial function $\Psi : X \to X'$ satisfying

i) $\Psi[x_0] = x_0'$, i.e. the initial state of $\Sigma$ is mapped to the initial state of $\Sigma'$,

ii) $f'(\Psi[x],u) \subset \Psi[f(x,u)]$

iii) $h'(\Psi[x],u) \subset h(x,u)$

for all $x \in X$ and $u \in A$.

A state mapping $\Psi$ is proper if $f(x,u) \neq \emptyset$ and $\Psi[x] \neq \emptyset$ imply $\Psi[f(x,u)] \neq \emptyset$ for all $x \in X$ and $u \in A$. From this we can deduce

$f'(\Psi[x],w) = \Psi[f(x,w)]$ if $\Psi[x] \neq \emptyset$

$h'(\Psi[x],w) = h(x,w)$ if $\Psi[x] \neq \emptyset$.

The identity mapping $1_\Sigma : \Sigma \to \Sigma$, $1_\Sigma : X \to X$ is a state mapping. The composition of two state mappings is also a state mapping, and if two state mappings are proper so is their composition.

Two machines $\Sigma = (A,Y,X,f,h)$ and $\Sigma' = (A',Y',X',f',h')$ are said to be isomorphic if there exist three bijective maps $\Psi_1 : X \to X'$, $\Psi_2 : A \to A'$, and $\Psi_3 : Y \to Y'$ such that, for all states $x \in X$ and all input characters $u \in A$, we have

$\Psi_1[f(x,u)] = f'[\Psi_1(x),\Psi_2(u)]$, and

$\Psi_3[h(x,u)] = h'[\Psi_1(x),\Psi_2(u)]$.

The triple $(\Psi_1,\Psi_2,\Psi_3)$ is referred to as an isomorphism between the machines $\Sigma$ and $\Sigma'$. Intuitively, two machines are isomorphic whenever one can be obtained from the other simply by renaming the states, the input characters, and the output characters.
Using the notion of isomorphic machines we can restate the results of Theorem (5.1.3), Lemma (5.2.2), Proposition (5.3.1), and Theorem (5.3.2) as follows.

(7.2.1) PROPOSITION. Let $\Sigma_{|s} = (A,Y,X,s,h)$ be the stable state machine induced by a machine $\Sigma = (A,Y,X,f,h)$. Choose $k$ states $x_i \in X$, $i = 1, \ldots, k$, and $k$ sets of input values $A_i \subset A$, where $A_i$ is a set of inputs which form valid pairs with the state $x_i$, $i = 1, \ldots, k$. Let $x_i' \in X$ be any state stably reachable from $x_i$, $i = 1, \ldots, k$. Then, there is a controller $C$ such that the stable state closed loop system $\Sigma_{c|s}$ is isomorphic to a machine $\Sigma'$ that has the following properties:

(i) $\Sigma' = (A,Y,X,s',h)$ has the same input, output, and state sets, as well as the same output function, as the machine $\Sigma_{|s}$.

(ii) The transition function $s'$ of $\Sigma'$ is equal to the transition function $s$ of $\Sigma_{|s}$ at all but the pairs $(x_i,A_i)$ at which it takes the value $x_i'$, $i = 1, \ldots, k$, i.e. $s'(z,u) = s(z,u)$ for all $(z,u) \in X \times A \setminus (x_i,A_i)$ and $s'(x_i,A_i) = x_i'$, $i = 1, \ldots, k$.

The isomorphism $\Psi : \Sigma_{c|s} \to \Sigma'$ consists of three bijective maps $\Psi = \{\Psi_1,\Psi_2,\Psi_3\}$. Two of the maps, $\Psi_2 : A \to A$ and $\Psi_3 : Y \to Y$, are identity maps. The state map $\Psi_1 : (X \times \alpha) \to X$ relabels the states of the stable state closed loop system $\Sigma_{c|s}$ to correspond with the states of $\Sigma'$, i.e. $\Psi_1((x,\alpha)) = x$ for all $x \in X$; here $\alpha$ is a state of the controller.

(7.2.2) PROPOSITION. Let $\Sigma_{|s} = (A,Y,X,s,h)$ be the stable state machine induced by a machine $\Sigma = (A,Y,X,f,h)$, and let $\Sigma' = (A,Y,X',s',h')$ be a stable state machine. Let $\#X = n$, and $\#X' = n$. If the skeleton matrix $S^{(n-1)}(\Sigma)$ of the machine $\Sigma$ satisfies $S^{(n-1)}(\Sigma) \geq S^{(n-1)}(\Sigma')$, then there is a controller $C$ such that the stable state closed loop system $\Sigma_{c|s}$ is isomorphic to the machine $\Sigma'$.

Referring to (7.2.2), denote the states of $\Sigma$ as $X = \{x_0,x_1,\ldots,x_{n-1}\}$ and the states of $\Sigma'$ as $X' = \{x_0',x_1',\ldots,x_{n-1}'\}$. Since $S^{(n-1)}(\Sigma) \geq S^{(n-1)}(\Sigma')$, the state $x_i$ is stably reachable from the state $x_j$ in $\Sigma$ if the state $x_i'$ is stably reachable from the state $x_j'$ in $\Sigma'$. The isomorphism $\Psi : \Sigma_{c|s} \to \Sigma'$ between the machines is slightly different than before. The isomorphism $\Psi = \{\Psi_1,\Psi_2,\Psi_3\}$ consists of $\Psi_2 : A \to A$ and $\Psi_3 : Y \to Y$, two identity maps as before. The state map $\Psi_1 : (X \times \alpha) \to X'$ relabels the states of the stable state closed loop system $\Sigma_{c|s}$ to correspond with the states of $\Sigma'$ by $\Psi_1((x_i,\alpha)) = x_i'$ for all $x_i \in X$ and $x_i' \in X'$; here again $\alpha$ is a state of the controller. The state map $\Psi_1 : (X \times \alpha) \to X'$ can be split into two separate maps as follows: $\Psi_1 = \Psi'\Psi_\alpha$, where $\Psi' : X \to X'$ by $\Psi'(x_i) = x_i'$ and $\Psi_\alpha : X \times \alpha \to X$ by $\Psi_\alpha((x_i,\alpha)) = x_i$.

(7.2.3) PROPOSITION. Let $M = \{\Sigma_1,\Sigma_2,\ldots,\Sigma_q\}$ be a critical race family of $q$ machines induced by a machine $\Sigma = (A,Y,X,f,h)$. Let $\Sigma' = (A,Y,X',s',h)$ be a stable state machine and let $\#X = \#X' = n$. Pick any machine $\Sigma_i$ from $M$, $i = 1, \ldots, q$. If the skeleton matrix $S^{(n-1)}(\Sigma_i)$ satisfies $S^{(n-1)}(\Sigma_i) \geq S^{(n-1)}(\Sigma')$ then there exists a controller $C_i$ such that the stable state closed loop system $\Sigma_{ic|s}$ is isomorphic to the machine $\Sigma'$.

(7.2.4) PROPOSITION. Let $M = \{\Sigma_1,\ldots,\Sigma_q\}$ be a critical race family of machines induced by a machine $\Sigma = (A,Y,X,f,h)$ that has a single critical race. Let $\Sigma' = (A,Y,X',s',h)$ be a stable state machine and let $\#X = \#X' = n$. If the skeleton matrix $S(M)$ satisfies $S(M) \geq S^{(n-1)}(\Sigma')$ then there is a controller $C$ such that all members of $M_{c|s}$ are isomorphic to $\Sigma'$.

The  proofs  for  sufficiency  of  these  four  propositions  are  similar  to 
those  given  in  the  proofs  of  Theorem  (5.1.3),  Lemma  (5.2.2),  Proposition 
(5.3.1),  and  Theorem  (5.3.2).  The  proof  for  necessity  is  at  this  time  not 
complete. 

It  can  be  shown  that  a  controller  can  "add"  states  to  the  closed  loop 
system  of  a  trivial  machine  (one  with  zero  states).  The  controller  states  can 
be  observed  at  the  output.  For  a  nontrivial  machine,  the  controllers 
constructed  in  this  work  do  not  create  any  new  potentially  stable  states,  but 
they  can  create  new  stable  combinations.  At  this  time,  it  is  not  clear 
whether  some  other  controller  can  "add"  states  to  a  nontrivial  machine, 
thus  necessity  for  the  propositions  (7.2.1),  (7.2.2),  (7.2.3),  and  (7.2.4)  has  not 
been  shown  at  this  time. 

There exist isomorphisms which not only relabel the states of a machine, but also change the ordering of the states of the machine. We will now extend the results of this subsection to a state mapping that reorders and relabels the states of a machine. First we define a needed notion.

Define the term similar for two skeleton matrices $S$ and $S'$ as follows: $S$ is similar to $S'$ if there exists a similarity transform $T$ such that $TST^{-1} = S'$. We are interested in transformations which correspond to permutations of the states of a machine. A permutation of the states of a machine $\Sigma$ induces a similarity transform $T$ on the one-step matrix of stable transitions $R(\Sigma)$ and the one-step skeleton matrix $S(\Sigma)$. A permutation of the states of a machine $\Sigma$ also induces the same similarity transformation $T$ on the m-step matrix of stable transitions $R^m(\Sigma)$, the m-step skeleton matrix $S^m(\Sigma)$, the matrix of stable transitions, and the skeleton matrix. The matrix $T$ induced by a permutation of the states of a machine has a single one in each row and column.

(7.2.5) PROPOSITION. Let $\Sigma = (A,Y,X,f,h)$ be a machine. An isomorphism $\Psi$ acting on $\Sigma$ induces a similarity transform $T$ on the one-step matrix of stable transitions $R(\Sigma)$ and the one-step skeleton matrix $S(\Sigma)$ of the machine $\Sigma$.

PROOF. Denote the states of $\Sigma$ as $X = \{x_0,x_1,\ldots,x_{n-1}\}$. Let $\Psi = \{\Psi_1,\Psi_2,\Psi_3\}$ be an isomorphism which maps $\Sigma$ to a machine $\Sigma' = (A,Y,X',f',h')$. Denote the states of $\Sigma'$ as $X' = \{x_0',x_1',\ldots,x_{n-1}'\}$. The state map $\Psi_1 : X \to X'$ can reorder the states of $X$ and relabel them as the states of $X'$ by mapping each state $x_i \in X$ to a corresponding state $x_j' \in X'$, $\Psi_1(x_i) = x_j'$. The state map $\Psi_1 : X \to X'$ can be split into two separate maps as follows: $\Psi_1 = \Psi'\Psi_T$, where $\Psi' : X \to X'$ by $\Psi'(x_i) = x_i'$ and $\Psi_T : X \to X$ by $\Psi_T(x_i) = x_j$. Looking at an isomorphism acting on a stable state closed loop system, the state map $\Psi_1 : X \times \alpha \to X'$ can be split into three separate maps as follows: $\Psi_1 = \Psi'\Psi_T\Psi_\alpha$, where $\Psi' : X \to X'$ by $\Psi'(x_i) = x_i'$, $\Psi_T : X \to X$ by $\Psi_T(x_i) = x_j$, and $\Psi_\alpha : X \times \alpha \to X$ by $\Psi_\alpha((x_i,\alpha)) = x_i$. In qualitative terms the map $\Psi_\alpha$ removes the controller state, the map $\Psi_T$ reorders the states, and the map $\Psi'$ relabels the states. The similarity transform $T$ induced by the isomorphism $\Psi$ is induced by the map $\Psi_T$.

Recall the one-step matrix of stable transitions and the one-step skeleton matrix are constructed based on the order of the states of $\Sigma$. Switching the order of two of the states of $\Sigma$, $x_i$ and $x_j$, corresponds to switching row $i$ with row $j$ and column $i$ with column $j$ in both the one-step matrix of stable transitions and the one-step skeleton matrix of the machine $\Sigma$. Row and column switches of a matrix can be performed by a similarity transform, thus the isomorphism induces a similarity transform on the one-step matrix of stable transitions and the one-step skeleton matrix. ♦


Given an isomorphism $\Psi$ we can construct the corresponding similarity transform $T$, and given a similarity transform $T$ we can construct the corresponding isomorphism $\Psi$.

Let $\Sigma = (A,Y,X,f,h)$ be a machine, and let $\Sigma' = (A,Y,X',f',h')$ be another machine. Denote the states of $\Sigma$ by $X = \{x_0,x_1,\ldots,x_{n-1}\}$ and denote the states of $\Sigma'$ by $X' = \{x_0',x_1',\ldots,x_{n-1}'\}$. Let $\Psi : \Sigma \to \Sigma'$ be an isomorphism such that $\Psi_1 : X \to X'$. Define the vectors $\mathbf{x}$ and $\mathbf{x}'$ by

$$\mathbf{x} = \begin{pmatrix} x_0 \\ \vdots \\ x_{n-1} \end{pmatrix} \qquad \mathbf{x}' = \begin{pmatrix} x_0' \\ \vdots \\ x_{n-1}' \end{pmatrix}$$

We construct the matrix $T$ from an isomorphism $\Psi : \Sigma \to \Sigma'$ as follows. Start with the matrix $T$ equal to the identity matrix, $T = I$. Then, perform row switches on $T$ that correspond to the desired state reorderings. This will give $T\mathbf{x} = \mathbf{x}'$ up to a relabeling of the states. Consider $\Psi$ which takes the state $x_i$ of $\Sigma$ to the state $x_j'$ of $\Sigma'$, i.e. $\Psi_1(x_i) = x_j'$. For this case $\Psi_1(x_i) = x_j'$, the matrix $T$ is the identity matrix with rows $i$ and $j$ switched. By switching all corresponding rows to the states that are switched we can form the matrix $T$ for any reordering of the states of $\Sigma$. Another way of looking at the matrix $T$ is, if $\Psi_1(x_i) = x_j'$ then the $i$th row of $T$, $T_i$, has a one in its $j$th column and zeros elsewhere in the row.

Given a similarity transform $T$, we can construct an isomorphism $\Psi : \Sigma \to \Sigma'$ where $\Psi_1 : X \to X'$ as follows. Set $\Psi_1(x_i) = x_j'$ if the $(i,j)$ entry of the matrix $T$, $T_{ij}$, is a one. Continue this for all nonzero entries and the full $\Psi_1$ will have been constructed.

The operation of the similarity transform $T$ on matrices of stable transitions and skeleton matrices is performed as follows. Let $T$ be a matrix of ones and zeros, and let $R$ be a matrix over $S(A) \cup N$. Define the operation mult for $r \in S(A) \cup N$ and the integers 1 and 0 by

$$\begin{array}{ll}
\mathrm{mult}(1,r) = r & \mathrm{mult}(r,1) = r \\
\mathrm{mult}(0,r) = N & \mathrm{mult}(r,0) = N
\end{array}$$

Now consider two $n \times n$ matrices $R$ and $T$ described above. The result $V$ of $TR$ is defined by

$$V_{ij} := \bigcup_{k=1}^{n} \mathrm{mult}(T_{ik},R_{kj}), \quad i,j = 1, \ldots, n.$$

And the result $W$ of $RT$ is defined by

$$W_{ij} := \bigcup_{k=1}^{n} \mathrm{mult}(R_{ik},T_{kj}), \quad i,j = 1, \ldots, n.$$

And $TRT^{-1}$ can be found by $((TR)T^{-1})$.

The similarity transform is performed as usual for the skeleton matrix.

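(7.2.6) EXAMPLE. Let $\Sigma = (A,Y,X,f,h)$ be a machine. Denote the states of $\Sigma$ by $X = \{x_0,x_1,x_2\}$, and denote the input set of $\Sigma$ by $A = \{a,b,c\}$. Define the vector $x$ by

$$x = \begin{pmatrix} x_0 \\ x_1 \\ x_2 \end{pmatrix}$$

Let the skeleton matrix and the matrix of stable transitions of $\Sigma$ be

$$S^{(2)}(\Sigma) = \begin{pmatrix} 1 & 1 & 0 \\ 1 & 1 & 1 \\ 1 & 0 & 1 \end{pmatrix}, \qquad R^{(2)}(\Sigma) = \begin{pmatrix} \{a,c\} & \{b\} & N \\ \{a\} & \{b\} & \{c\} \\ \{a\} & N & \{b,c\} \end{pmatrix}$$

Let $\Psi$ be an isomorphism operating on $\Sigma$ such that $\Psi_1 : X \to X$ is given by

$$\Psi_1(x_0) = x_0, \qquad \Psi_1(x_1) = x_2, \qquad \Psi_1(x_2) = x_1$$

The similarity transform T induced by $\Psi$ is

$$T = \begin{pmatrix} 1 & 0 & 0 \\ 0 & 0 & 1 \\ 0 & 1 & 0 \end{pmatrix} = T^{-1}$$

And $Tx$ is given by

$$Tx = \begin{pmatrix} x_0 \\ x_2 \\ x_1 \end{pmatrix}$$

$TS^{(2)}(\Sigma)T^{-1}$ is then

$$TS^{(2)}(\Sigma)T^{-1} = \begin{pmatrix} 1 & 0 & 1 \\ 1 & 1 & 0 \\ 1 & 1 & 1 \end{pmatrix}$$

and $TR^{(2)}(\Sigma)T^{-1}$ is

$$TR^{(2)}(\Sigma)T^{-1} = \begin{pmatrix} \{a,c\} & N & \{b\} \\ \{a\} & \{b,c\} & N \\ \{a\} & \{c\} & \{b\} \end{pmatrix}$$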
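The following sketch, added here and not taken from the thesis, implements the mult operation and the union-based product defined above and reproduces $TR^{(2)}(\Sigma)T^{-1}$ for Example (7.2.6). The function names are hypothetical, Python's `None` stands for the symbol N, and N is assumed to act as the empty element under union.

```python
N = None  # the symbol N of the text: no stable transition

def mult(a, b):
    """mult(1,r) = mult(r,1) = r and mult(0,r) = mult(r,0) = N."""
    if a == 0 or b == 0:
        return N
    return b if a == 1 else a

def union(a, b):
    """Union on S(A) ∪ N; N is treated as the empty element (assumption)."""
    if a is N:
        return b
    if b is N:
        return a
    return a | b

def product(P, Q):
    """Entry (i, j) is the union over k of mult(P[i][k], Q[k][j])."""
    n = len(P)
    out = [[N] * n for _ in range(n)]
    for i in range(n):
        for j in range(n):
            for k in range(n):
                out[i][j] = union(out[i][j], mult(P[i][k], Q[k][j]))
    return out

def transform_from_map(psi):
    """Row i of T has a one in column j exactly when psi[i] == j."""
    n = len(psi)
    return [[1 if psi[i] == j else 0 for j in range(n)] for i in range(n)]

def similarity(T, R):
    """T R T^-1 as (T R) T^-1; T is a permutation matrix, so T^-1 is its transpose."""
    T_inv = [list(col) for col in zip(*T)]
    return product(product(T, R), T_inv)

s = frozenset
# Data of Example (7.2.6); the states x0, x1, x2 are indexed 0, 1, 2.
R = [[s("ac"), s("b"), N],
     [s("a"), s("b"), s("c")],
     [s("a"), N, s("bc")]]
PSI = [0, 2, 1]  # Psi_1(x0) = x0, Psi_1(x1) = x2, Psi_1(x2) = x1
T = transform_from_map(PSI)
TRT = similarity(T, R)

if __name__ == "__main__":
    for row in TRT:
        print(["N" if e is N else sorted(e) for e in row])
```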
We can now restate Proposition (7.2.2).

(7.2.7) PROPOSITION. Let $\Sigma_{|s} = (A,Y,X,s,h)$ be the stable state machine induced by a machine $\Sigma = (A,Y,X,f,h)$, and let $\Sigma' = (A,Y,X',s',h')$ be a stable state machine. Let #X = #X' = n. If there is a matrix S similar to the skeleton matrix $S^{(n-1)}(\Sigma)$ of the machine $\Sigma$ such that $S \geq S^{(n-1)}(\Sigma')$, then there is a controller C such that the stable state closed loop system $\Sigma_{c|s}$ is isomorphic to the machine $\Sigma'$.


7.3  Matching  Smaller  Machines 

Recall  that  the  model  matching  problem  involves  finding  a  controller 
such  that  the  closed  loop  system  of  (1.1)  is  equivalent  to  a  model  which  is  the 
same  size  as  the  machine  in  terms  of  the  number  of  states,  the  size  of  the 
input  sets,  and  the  size  of  the  output  sets.  We  may  also  want  to  match  a 
model  smaller  than  our  machine.  This  leads  to  the  definition  of  a 
submachine. 

Let $\Sigma = (A,Y,X,f,h)$ be a machine and let $X' \subset X$ be any subset of X containing $x_0$, the initial state. Define $f_r$ for all valid pairs $(x',u) \in X' \times A$ as follows

$$f_r(x',u) = \begin{cases} f(x',u) & \text{if } f(x',u) \in X' \\ \emptyset & \text{otherwise} \end{cases}$$

Then define the output function $h_r : X' \times A \to Y$ for all valid pairs $(x',u) \in X' \times A$ by setting

$$h_r(x',u) = \begin{cases} h(x',u) & \text{if } h(x',u) \neq \emptyset \\ \emptyset & \text{otherwise} \end{cases}$$

There results a sequential machine $\Sigma_{|X'} = (A,Y,X',f_r,h_r)$ called the restriction of $\Sigma$ to X'. The surjective partial function $\Psi_r : X \to X'$, defined by $\Psi_r[x] = x$ if $x \in X'$ and $\Psi_r[x] = \emptyset$ otherwise, is then a state mapping called the restriction mapping. This state mapping is proper whenever $f(X',A) \subset X'$.

Let $\Sigma = (A,Y,X,f,h)$ and $\Sigma' = (A',Y',X',f',h')$ be two machines. The machine $\Sigma'$ is a submachine of $\Sigma$ whenever the following holds:
(i) $X' \subset X$, $A' \subset A$, $Y' \subset Y$
(ii) $f'(x,u) = f(x,u)$ restricted to $x \in X'$, $u \in A'$ and
(iii) $h'(x,u) = h(x,u)$ restricted to $x \in X'$, $u \in A'$.

Let $\Sigma = (A,Y,X,f,h)$ and $\Sigma' = (A',Y',X',f',h')$ be two machines. The machine $\Sigma'$ is a generalized submachine of the machine $\Sigma$ if there exists a machine $\Sigma_1$ isomorphic to $\Sigma'$, such that $\Sigma_1$ is a submachine of $\Sigma$.

We  can  now  state  the  following  result. 

(7.3.1) PROPOSITION. Let $\Sigma_{|s} = (A,Y,X,s,h)$ and $\Sigma'_{|s} = (A,Y,X',s',h)$ be two stable state machines induced by the machines $\Sigma$ and $\Sigma'$ respectively. Let $X' \subset X$, $|X| = n$, and $|X'| = m$. If there is a matrix S similar to $S^{(n-1)}(\Sigma)$ such that the left upper $m \times m$ submatrix $S_m$ of S satisfies $S_m \geq S^{(m-1)}(\Sigma')$ then there exists a controller C such that an m-dimensional submachine of the stable state closed loop system $\Sigma_{c|s}$ is equivalent to the machine $\Sigma'_{|s}$.

For $\Sigma_{c|s}$ to be isomorphic to $\Sigma'_{|s}$ we need a bijective state map $\Psi_1$ which satisfies $\Psi_1 : (X \times \alpha) \to X'$. Denote the n states of $\Sigma$ by $X = \{x_0,x_1,\ldots,x_{n-1}\}$ and a state of our controller as $\alpha$. The set of states for the stable state closed loop system is then $(X \times \alpha) = \{(x_0,\alpha),(x_1,\alpha),\ldots,(x_{n-1},\alpha)\}$. The states of our controller do not add to the cardinality of the state set of the closed loop system, $|(X \times \alpha)| = |X|$. Thus the closed loop system $\Sigma_{c|s}$ has the same number of states as the machine $\Sigma_{|s}$. This implies that we require n > m in the previous proposition.
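The existence condition of Propositions (7.2.7) and (7.3.1) can be checked mechanically for small machines. The sketch below is an added illustration, not the thesis's algorithm: it assumes that "similar" means similarity under a reordering of the states as in Section 7.2, tries every reordering by brute force, and uses hypothetical function names. The machine skeleton is the one from Example (7.2.6); the model skeletons are constructed for the example.

```python
from itertools import permutations

def reorder(S, p):
    """T S T^-1 for the reordering p: entry (i, j) becomes S[p[i]][p[j]]."""
    return [[S[a][b] for b in p] for a in p]

def dominates(P, Q):
    """Entrywise P >= Q for two 0/1 matrices of the same size."""
    return all(x >= y for rp, rq in zip(P, Q) for x, y in zip(rp, rq))

def find_matching_reordering(S_machine, S_model):
    """Return a reordering p of the machine's n states such that the upper-left
    m x m block of the reordered skeleton dominates the model skeleton, or None.
    Brute force over n! reorderings, so only suitable for small n."""
    n, m = len(S_machine), len(S_model)
    if m > n:
        return None  # the model cannot have more states than the machine
    for p in permutations(range(n)):
        block = [row[:m] for row in reorder(S_machine, p)[:m]]
        if dominates(block, S_model):
            return p
    return None

# Skeleton matrix of the machine in Example (7.2.6).
S_MACHINE = [[1, 1, 0],
             [1, 1, 1],
             [1, 0, 1]]
# Constructed model skeletons (not from the thesis).
MODEL_SAME_SIZE = [[1, 0, 1], [1, 1, 0], [1, 1, 1]]   # needs x1 and x2 swapped
MODEL_SMALLER = [[1, 1], [1, 1]]                       # two-state model
MODEL_TOO_CONNECTED = [[1, 1, 1], [1, 1, 1], [1, 1, 1]]

if __name__ == "__main__":
    for name, model in [("same size", MODEL_SAME_SIZE),
                        ("smaller", MODEL_SMALLER),
                        ("too connected", MODEL_TOO_CONNECTED)]:
        print(name, find_matching_reordering(S_MACHINE, model))
```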

This cardinality requirement is also true for input and output sets of $\Sigma_{|s}$ and $\Sigma'_{|s}$ if they differ. Consider the two machines $\Sigma_{|s} = (A,Y,X,s,h)$ and $\Sigma'_{|s} = (A',Y',X',s',h')$. If $|A| > |A'|$ the input characters used to match the model are restricted to the subset of A in the submachine of $\Sigma_{c|s}$ that is mapped into A' by the isomorphism. If $|Y| > |Y'|$ the output characters used to match the model are restricted to the subset of Y in the submachine of $\Sigma_{c|s}$ that is mapped into Y' by the isomorphism.


7.4  General  Families  of  Machines 

There  is  no  guarantee  that  a  controller  would  not  need  to  provide  two 
different  outputs  for  the  same  state  and  reference  input  by  only  looking  at 
the  skeleton  matrix  for  a  general  family  of  machines.  Recall  the  skeleton 
matrix  identifies  all  possible  stable  transitions  between  potentially  stable 
states  of  a  machine,  but  not  the  inputs  required  or  the  paths  taken  for  the 
stable  transitions. 

There  may  not  be  any  similarity  in  the  transition  functions  of  the 
members  of  a  family  of  machines.  Thus,  even  though  a  particular 
transition  may  be  possible  in  all  members  of  the  family,  the  paths  or  the 
input  lists  required  for  the  transition  may  have  no  similarity.  In  certain 
cases,  a  controller  will  not  be  able  to  recognize  which  machine  it  is 
controlling,  and  thus  not  be  able  to  provide  the  correct  values  to  the 
machine  it  is  controlling. 
The controller designed in Theorem (5.3.2) recognizes which member of the family it is controlling, after it encounters a critical race. Thus it is able to provide the correct values to the machine it is controlling.

Consider two machines $\Sigma_1$ and $\Sigma_2$ with the same input set A and the same state set X of a family M. Let both machines have a stable transition from the potentially stable state x to the potentially stable state x'. Let the machine $\Sigma_1$ have the stable transition $s_1(x,u) = x'$ and the machine $\Sigma_2$ have the stable transition $s_2(x,u') = x'$, where $x, x' \in X$, $u, u' \in A$, and $u \neq u'$. The skeleton matrix of M will have a one in the entry corresponding to the states x and x', but a controller would need to provide two different outputs for the same state and reference input in this case to drive both machines of M from x to x'. This is not possible for our controller.

Controller  existence  can  be  determined  for  a  general  family  of 
machines,  but  it  requires  looking  at  more  than  the  skeleton  matrices.  A 
method  of  existence  using  the  matrix  of  stable  transitions  should  be  able  to 
solve  this  problem. 


7.5  Strictly  Causal  Controllers 

In  this  work  we  have  constructed  causal  controllers  for  strictly 
causal  machines.  This  ensures  that  our  closed  loop  system  of  (1.1)  is  well 
posed.  We  could,  however,  construct  a  strictly  causal  controller  and  achieve 
the  same  results  as  with  the  causal  controllers  constructed  previously  in 
this  work.  There  is  a  drawback,  however.  A  strictly  causal  controller 
constructed  by  our  algorithm  requires  more  controller  states  than  the 
causal  controller  for  the  same  model  matching  problem.  This  does  not 
mean that there is no strictly causal controller of similar or smaller size to
our  causal  controller,  but  the  algorithm  presented  here  generates  a  smaller 
causal  controller  than  strictly  causal  controller  for  the  same  model 
matching  problem. 

Consider the controller of Theorem (5.1.3) for a machine $\Sigma = (A,Y,X,f,h)$, and suppose we would like to alter k transitions of $\Sigma$. Our strictly causal controller requires #A states in place of the single initial state $\alpha_0$ of the controller C in (5.1.3) and $|k|$ states in place of the single state $\alpha_1$ of the controller C of (5.1.3).

Our  strictly  causal  controller  requires  the  extra  states  because  its 
output  is  dependent  only  upon  the  current  controller  state.  Thus,  for  the 
controller  to  be  able  to  output  all  possible  reference  inputs,  the  controller 
needs one state for each of the inputs of $\Sigma$. Similarly, for the controller to
output  the  correct  value  for  the  stable  combination  of  a  pair  to  alter,  the 
controller  needs  one  state  for  each  of  these  input  values.  The  rest  of  the 
strictly  causal  controller  is  constructed  similarly  to  the  causal  controller, 
with  the  exception  of  the  output  function  which  is  defined  only  at  each  state 
of  the  controller. 


7.6  Other  Work 

In  the  present  work,  a  specific  output  function  was  investigated,  i.e. 
the  output  of  a  machine  is  isomorphic  to  the  current  state  of  the  machine. 
Our  controller  requires  the  current  state  of  the  machine  to  generate  the 
appropriate  output  lists.  An  observer  is  needed  to  provide  the  controller 
with  the  present  state  of  the  machine  if  the  output  of  the  machine  is  not  the 
current  state.  Not  only  would  the  comparison  of  the  transition  maps  of  two 
machines be needed for the model matching problem, but the output maps
of  the  two  machines  would  also  need  to  be  compared.  This  restricts  the 
machine  models  that  can  be  matched  with  a  corrective  controller,  and  the 
existence  of  such  a  corrective  controller  will  also  depend  on  the  observability 
of  the  states  of  the  machine  being  controlled. 

The  corrective  controller  constructed  in  this  work  ensures  that  the 
closed  loop  system  of  (1.1)  operates  in  fundamental  mode.  This  requires  the 
restriction  of  the  machines  controlled  to  those  without  any  unstable  cycles. 
A  controller  which  operates  significantly  faster  than  the  machine  it  is 
controlling  may  allow  the  correction  of  such  problems.  Control  could  then 
be  applied  during  the  unstable  transitions  of  the  machine  without  creating 
any  new  races.  We  would  allow  a  violation  of  fundamental  mode  because 
the  controller  could  change  the  inputs  to  the  machine  significantly  faster 
than  the  machine  could  change  states.  In  this  work,  input  changes  were 
only allowed during stable combinations. This requires some modification of this work: the matrix of transitions and the skeleton matrices need to be modified to reflect all the transitions of the machine, not just the stable transitions.